30 matches found
EUVD-2022-3115
Malicious code in bioql PyPI...
EUVD-2022-5221
Malicious code in bioql PyPI...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30972
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
CVE-2020-2277
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...
Arbitrary file read vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...
Arbitrary file write vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...
GHSA-85WG-CG5P-M76P Arbitrary file read vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...
Jenkins Storable Configs Plugin XML External Entity Injection Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An XML external entity injection...
GHSA-RR2R-G6XM-58XJ Cross Site Request Forgery in Jenkins Storable Configs Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30972
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30972
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
Xxe
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30971
CVE-2022-30971 – Jenkins Storable Configs Plugin XXE . The vulnerability is in Jenkins Storable Configs Plugin 1.0 and earlier, where the XML parser is not configured to prevent XML External Entity (XXE) attacks. This is confirmed by multiple sources in the provided documents (NVD entry for CVE-2...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
PT-2022-20428 · Jenkins · Jenkins Storable Configs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Configure permission to have...
Jenkins Storable Configs Plugin 代码问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An XML external entity injection...