RHCOS 3 : Red Hat OpenShift Enterprise 3.1.1 update (Important) (RHSA-2016:0070)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0070 advisory. - commons-fileupload: Arbitrary file upload via deserialization CVE-2013-2186 - stapler-adjunct-zeroclipboard: multiple cross-site...
EUVD-2023-2579
Malicious code in bioql PyPI...
EUVD-2022-2708
Malicious code in bioql PyPI...
EUVD-2022-2814
Malicious code in bioql PyPI...
The vulnerability of the Jenkins automation server lies in its ability to allow unlimited loading of dangerous files, enabling a hacker to gain access to read, modify, or delete these files.
The vulnerability in the Jenkins automation server relates to the loading of files using the Stapler web framework. Stapler creates temporary files in the system temporary directory with the default permissions for newly created files. Exploiting this vulnerability allows an attacker to gain read,...
BIT-JENKINS-2023-43497
In Jenkins LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to...
Jenkins temporary uploaded file created with insecure permissions
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...
CVE-2023-43497
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...
CVE-2023-43497
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...
Design/Logic Flaw
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...
CVE-2023-43497
CVE-2023-43497 affects Jenkins 2.423 and earlier, and LTS 2.414.1 and earlier. The root cause is in processing file uploads via the Stapler web framework, which creates temporary files in the system temporary directory with default permissions. This could let an attacker with access to the Jenkin...
CVE-2023-43497
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...
Jenkins Code Issues Vulnerabilities
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins has a security vulnerability that stems from the use of the Stapler web framework to handle file uploads, which creates...
PT-2023-8997 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.423 and earlier, LTS 2.414.1 and earlier Description: The issue is related to the processing of file uploads using the Stapler web framework, which creates temporary files in the default system temporary directory with the...
Jenkins LTS < 2.414.2 / Jenkins weekly < 2.424 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.414.2 or Jenkins weekly prior to 2.424. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through...
Jenkins: Denial of Service attack
A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...
GHSA-FRGR-C5F2-8QHH Denial of service in Jenkins Core
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 is affected by the Apache Commons FileUpload library's vulnerability CVE-2023-24998. This library is used to process uploaded files via the Stapler web framework, usually through StaplerRequest.getFile and...
SUSE CVE-2018-1999002
An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
SUSE CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
SUSE CVE-2019-10354
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...