15 matches found
CVE-2018-1000189
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master...
Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control Project File APX contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...
GHSA-WF8M-QR47-XC9M Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control Project File APX contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...
CVE-2023-28685
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-28685
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Jenkins Plugins AbsInt a³ 代码问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-28685
CVE-2023-28685 affects Jenkins AbsInt a³ Plugin (≤1.1.0). It does not configure its XML parser to prevent XML External Entity (XXE) attacks, enabling potential disclosure of secrets from the Jenkins controller via crafted XML. CVSSv3.1 base score 7.1 (HIGH): Network attack vector, LOW privileges ...
CVE-2023-28685
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master...
GHSA-C9PX-7J36-F35V CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master...
CloudBees Jenkins Absint Astree Plugin Command Execution Vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Absint Astree Plugin is used in one ...
CVE-2018-1000189
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master...
CVE-2018-1000189
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master...
CVE-2018-1000189
The CVE-2018-1000189 entry describes a command-execution vulnerability in the Jenkins AbsInt Astree Plugin, version 1.0.5 and older, rooted in AstreeBuilder.java. The issue allows attackers with Overall/Read access to run arbitrary commands on the Jenkins master. Connected sources corroborate the...