26 matches found

RedhatCVE
added yesterday · 2 views

CVE-2026-6613

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...

CVSS 6.5 · AI score 6.2 · EPSS 0.00043
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-7046

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00659
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-6997

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.5 · EPSS 0.01368
Exploits: 0 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-2231

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 9 · EPSS 0.00271
Exploits: 0 · References: 9
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-4535

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.4 · EPSS 0.00352
Exploits: 0 · References: 12
RedhatCVE
added 2025/05/23 1:20 a.m. · 3 views

CVE-2022-43424

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

CVSS 5.3 · AI score 6.8 · EPSS 0.01368
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 12:1 a.m. · 6 views

CVE-2022-43422

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

CVSS 5.3 · AI score 6.6 · EPSS 0.01368
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 11:52 p.m. · 6 views

CVE-2022-43429

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...

CVSS 7.5 · AI score 6.8 · EPSS 0.00659
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 9:57 p.m. · 8 views

CVE-2022-43416

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...

CVSS 8.8 · AI score 6.7 · EPSS 0.0274
Exploits: 0 · References: 1
GitHub Security Blog
added 2023/01/26 9:30 p.m. · 24 views

Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVSS 9.8 · AI score 8.9 · EPSS 0.00439
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2022/10/19 7:0 p.m. · 22 views

GHSA-XP3R-9WX8-Q2MM Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. These...

CVSS 7.5 · AI score 5.8 · EPSS 0.01368
Exploits: 0 · References: 5
NVD
added 2022/10/19 4:15 p.m. · 13 views

CVE-2022-43422

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

CVSS 5.3 · EPSS 0.01368
Exploits: 0 · References: 2
OSV
added 2022/10/19 4:15 p.m. · 10 views

CVE-2022-43416

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...

CVSS 8.8 · AI score 8.7
Exploits: 0 · References: 2
Prion
added 2022/10/19 4:15 p.m. · 8 views

Design/Logic Flaw

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...

CVSS 6.5 · AI score 8.6 · EPSS 0.0274
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2022/10/19 4:15 p.m. · 8 views

Input validation

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

CVSS 5 · AI score 5.2 · EPSS 0.01368
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/10/19 12:0 a.m. · 2 views

PT-2022-26908 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions:
Jenkins Compuware Xpediter Code Coverage Plugin versions 1.0.7 and earlier
Jenkins versions 2.318 and earlier, LTS 2.303.2 and earlier

Description: The issue allows attackers able to control agent processes to obtain the values of Java system...

CVSS 5.3 · AI score 5.3 · EPSS 0.01368
Exploits: 0 · References: 9
OSV
added 2022/05/24 7:19 p.m. · 0 views

GHSA-4G38-HRM4-RG94 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

CVSS 9 · AI score 6 · EPSS 0.00506
Exploits: 0 · References: 6
CNVD
added 2022/02/17 12:0 a.m. · 20 views

Jenkins Doktor Plugin Proxy Controller Security Bypass Vulnerability

Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. The Jenkins Doktor Plugin Agent Controller security bypass vulnerability can be exploited to allow an attacker to take control of the agent process to determine if a file with a given name exists...

CVSS 5.5 · AI score 5.9 · EPSS 0.00048
Exploits: 0 · References: 1
Veracode
added 2021/12/08 12:41 a.m. · 12 views

Information Disclosure

jenkins-2-plugins is vulnerable to information disclosure. The vulnerability exists due to the lack of restriction of the name of a file when looking up a subversion key file on the controller from an agent...

CVSS 7.5 · AI score 2 · EPSS 0.03705
Exploits: 0 · References: 5 · Affected Software: 1
CNVD
added 2021/11/08 12:0 a.m. · 6 views

Jenkins Access Control Error Vulnerability (CNVD-2021-88717)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project. Jenkins has an Access Control Error vulnerability that stems from FilePathmkdirs create parent directory operation is n...

CVSS 9.1 · AI score 6.5 · EPSS 0.00197
Exploits: 0 · References: 1