Lucene search
K

23 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5578

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01151EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3617

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.01041EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:12 a.m.9 views

CVE-2019-1003008

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...

8.8CVSS7.5AI score0.01151EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/24 5:29 p.m.34 views

Sandbox bypass vulnerability in Jenkins Script Security Plugin

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

9.9CVSS9.3AI score0.02126EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/24 5:29 p.m.3 views

GHSA-CCR8-4XR7-CGJ3 Sandbox bypass vulnerability in Jenkins Script Security Plugin

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

9.9CVSS6.2AI score0.02126EPSS
Exploits0References6
OSV
OSV
added 2022/05/13 1:31 a.m.25 views

GHSA-CQP7-HWM3-CFG7 XSS vulnerability in Jenkins Warnings Next Generation Plugin

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...

6.1CVSS6AI score0.01041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/12 8:15 p.m.6 views

CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system...

8.1CVSS5.8AI score0.01886EPSS
Exploits0References3
NVD
NVD
added 2022/01/12 8:15 p.m.15 views

CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system...

8.1CVSS0.01886EPSS
Exploits0References2
CVE
CVE
added 2022/01/12 7:6 p.m.104 views

CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier is vulnerable: it does not restrict the filename when configuring a custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller filesystem. Remediation p...

8.1CVSS7.7AI score0.01886EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.7 views

Jenkins Warnings Next Generation 路径遍历漏洞

Jenkins Warnings Next Generation is Jenkins an open source application plugin . The plugin is used to collect compiler warnings or static analysis tools to report problems and visualize the results . A security vulnerability exists in Jenkins Warnings Next Generation Plugin that allows an attacke...

8.1CVSS7.7AI score0.01886EPSS
Exploits0References6
CNVD
CNVD
added 2021/03/22 12:0 a.m.7 views

CloudBees Jenkins Warnings Next Generation Plugin Improper Privileges Vulnerability

Jenkins Warnings Next Generation is Jenkins open source an application plugin . The plug-in is used to collect compiler warnings or static analysis tools to report problems and visualize the results . A privilege impropriety vulnerability exists in Jenkins Warnings Next Generation Plugin version...

4.3CVSS6.5AI score0.00857EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/03/18 1:35 p.m.28 views

CVE-2021-21626

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

5.2AI score0.00857EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.5 views

Jenkins Warnings Next Generation 安全漏洞

Jenkins Warnings Next Generation is Jenkins open source an application plugin . The plug-in is used to collect compiler warnings or static analysis tools to report problems and visualize the results . A privilege impropriety vulnerability exists in Jenkins Warnings Next Generation Plugin version...

4.3CVSS5.7AI score0.00857EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/03/18 12:0 a.m.3 views

PT-2021-14669 · Jenkins · Jenkins Warnings Next Generation Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Next Generation Plugin versions 8.4.4 and earlier Description: The issue allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns mat...

4.3CVSS4.3AI score0.00857EPSS
Exploits0References6
NVD
NVD
added 2019/02/06 4:29 p.m.20 views

CVE-2019-1003023

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...

6.1CVSS6AI score0.01041EPSS
Exploits0References1
OSV
OSV
added 2019/02/06 4:29 p.m.17 views

CVE-2019-1003023

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...

6.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2019/02/06 4:29 p.m.22 views

CVE-2019-1003008

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...

8.8CVSS8.8AI score0.01151EPSS
Exploits0References1
OSV
OSV
added 2019/02/06 4:29 p.m.16 views

CVE-2019-1003008

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...

8.8CVSS7.5AI score
Exploits0References1
CVE
CVE
added 2019/02/06 4:0 p.m.55 views

CVE-2019-1003008

CVE-2019-1003008 describes a CSRF vulnerability in Jenkins Warnings Next Generation Plugin (versions ≤ 2.1.1) where a form-validation HTTP endpoint used to validate a Groovy script lacked sandbox protection and did not require POST, enabling arbitrary code execution on the Jenkins controller via ...

8.8CVSS8.8AI score0.01151EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/02/06 4:0 p.m.60 views

CVE-2019-1003023

The Jenkins Warnings Next Generation Plugin versions 1.0.1 and earlier are vulnerable to cross-site scripting via input to the warnings parser, allowing an attacker who can control parser input to cause Jenkins to render arbitrary HTML. Affected files include DetailsTableModel.java, SourceDetail....

6.1CVSS5.9AI score0.01041EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder