20 matches found
EUVD-2025-9528
Malicious code in bioql PyPI...
EUVD-2024-3392
Malicious code in bioql PyPI...
CVE-2024-54003
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission...
CVE-2025-31723
A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order...
Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF)
Jenkins Simple Queue Plugin 1.4.6 and earlier does not require POST requests for multiple HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow attackers to change and reset the build queue order. Simple Queue Plugin 1.4.7 requires POST requests...
Cross-site Request Forgery (CSRF)
Overview: io.jenkins.plugins:simple-queue is a plugin that lets users change the queue order with simple up & down arrow buttons (UI Queue Sorter). Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the HTTP endpoints. An attacker can manipulate the build queue order ...
CVE-2025-31723
A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order...
CVE-2025-31723
A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order...
CVE-2025-31723
The CVE-2025-31723 issue affects Jenkins Simple Queue Plugin 1.4.6 and earlier. A Cross-Site Request Forgery (CSRF) vulnerability lets an attacker change and reset the build queue order via forged HTTP requests. Exploitation is described in SNYK as feasible only when CSRF protection is disabled i...
CVE-2025-31723
A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order...
Jenkins plugin Simple Queue Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A cross-site reque...
PT-2025-14513 · Jenkins · Jenkins Simple Queue Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Simple Queue Plugin versions 1.4.6 and earlier. Description: A cross-site request forgery (CSRF) issue allows attackers to change and reset the build queue order. Recommendations: For Jenkins Simple Queue Plugin versions 1.4.6 and earlie...
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Simple Queue Plugin 1.4.5 escapes the view name...
GHSA-4GWV-FPMG-CMV2 Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Simple Queue Plugin 1.4.5 escapes the view name...
CVE-2024-54003
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission...
CVE-2024-54003
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission...
CVE-2024-54003
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission...
CVE-2024-54003
CVE-2024-54003: Jenkins Simple Queue Plugin versions 1.4.4 and earlier are affected by a stored XSS due to the view name not being escaped, exploitable by attackers with View/Create permission. Root cause identified as failure to escape the view name. Impact aligns with high-severity in the CVSS...
Jenkins plugins Multiple Vulnerabilities (2024-11-27)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. (CVE-2024-47855) - Jenkins Simple Queue Plugin 1.4.4...
PT-2024-36010 · Jenkins · Jenkins Simple Queue Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Simple Queue Plugin versions 1.4.4 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability because the view name is not escaped. This vulnerability is exploitable by attackers with View/Create...