23 matches found
EUVD-2022-3617
Malicious code in bioql PyPI...
EUVD-2022-5578
Malicious code in bioql PyPI...
CVE-2019-1003008
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...
GHSA-CCR8-4XR7-CGJ3 Sandbox bypass vulnerability in Jenkins Script Security Plugin
Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...
GHSA-CQP7-HWM3-CFG7 XSS vulnerability in Jenkins Warnings Next Generation Plugin
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...
CVE-2022-23107
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system...
CVE-2022-23107
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system...
CVE-2022-23107
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier is vulnerable: it does not restrict the filename when configuring a custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller filesystem. Remediation p...
Jenkins Warnings Next Generation Path Traversal Vulnerability
Jenkins Warnings Next Generation is an open source plugin for Jenkins. The plugin collects compiler warnings and problems reported by static analysis tools and visualizes the results. A security vulnerability exists in Jenkins Warnings Next Generation Plugin that allows an attacke...
CloudBees Jenkins Warnings Next Generation Plugin Improper Privileges Vulnerability
Jenkins Warnings Next Generation is an open source plugin for Jenkins. The plugin collects compiler warnings and problems reported by static analysis tools and visualizes the results. An improper privileges vulnerability exists in Jenkins Warnings Next Generation Plugin version...
CVE-2021-21626
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...
Jenkins Warnings Next Generation Security Vulnerability
Jenkins Warnings Next Generation is an open source plugin for Jenkins. The plugin collects compiler warnings and problems reported by static analysis tools and visualizes the results. An improper privileges vulnerability exists in Jenkins Warnings Next Generation Plugin version...
PT-2021-14669 · Jenkins · Jenkins Warnings Next Generation Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Next Generation Plugin versions 8.4.4 and earlier Description: The issue allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns mat...
CVE-2019-1003023
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...
CVE-2019-1003023
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...
CVE-2019-1003008
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...
CVE-2019-1003008
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...
CVE-2019-1003008
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...
CVE-2019-1003023
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...