15 matches found
EUVD-2023-1527
Malicious code in bioql PyPI...
CVE-2023-33004
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics...
CVE-2023-33003
A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics...
Cross-Site Request Forgery (CSRF)
Tag Profiler Plugin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists because the HTTP endpoint doesn't require POST requests, which allows an attacker to perform cross-site request forgery attacks...
Improper Access Control
Tag Profiler Plugin is vulnerable to Improper Access Control. The vulnerability exists due to a lack of permission checks on HTTP endpoints, which allows an attacker to gain read access and reset the profile statistics...
CVE-2023-33003
A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics...
CVE-2023-33004
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics...
CVE-2023-33004
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics...
CVE-2023-33004
CVE-2023-33004 affects Jenkins Tag Profiler Plugin version 0.2 and earlier, where a missing permission check in an HTTP endpoint allows attackers with Overall/Read permission to reset profiler statistics. Root cause: inadequate access controls on the profiling HTTP endpoint. Impact: unautho...
CVE-2023-33003
A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics...
CVE-2023-33003
CVE-2023-33003 refers to a CSRF vulnerability in Jenkins Tag Profiler Plugin version 0.2 and earlier. The cause is a missing permission check in an HTTP endpoint, allowing attackers with Overall/Read to reset profiler statistics, and the endpoint accepts non-POST requests. Several connected sourc...
CVE-2023-33003
A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics...
Jenkins Tag Profiler Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-24134 · Jenkins · Jenkins Tag Profiler Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Tag Profiler Plugin versions 0.2 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to reset profiler statistics. The issue arises because the plugin does not perform a permission check in an HTT...
Jenkins Tag Profiler Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A security vulnerability...