41 matches found
EUVD-2022-5221
Malicious code in bioql PyPI...
EUVD-2022-3115
Malicious code in bioql PyPI...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30972
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
CVE-2020-2277
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...
Arbitrary file read vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...
Arbitrary file write vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...
GHSA-85WG-CG5P-M76P Arbitrary file read vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...
GHSA-QV6Q-4JWX-7J5C Arbitrary file write vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...
Jenkins Storable Configs Plugin XML External Entity Injection Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An XML external entity injection...
Jenkins Storable Configs Plugin跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Storable Configs Plugin 1.0 and...
Cross Site Request Forgery in Jenkins Storable Configs Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
XML External Entity Reference in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Configure permission to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller...
GHSA-RR2R-G6XM-58XJ Cross Site Request Forgery in Jenkins Storable Configs Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
GHSA-WQMP-2P5R-RHFV XML External Entity Reference in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Configure permission to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30972
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30972
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...