4 matches found
EUVD-2024-36558
Malicious code in bioql PyPI...
Jenkins Missing Permission Check
Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. This is due to an...
jenkins: Inbound TCP Agent Protocol/3 authentication bypass
A flaw was found in Jenkins. Encryption key parameters are improperly reused in the Inbound TCP Agent Protocol/3 allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents. The highest threat from this vulnerability is to data confidentiality...
PT-2020-15305 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions:
Jenkins versions 2.213 and earlier
Jenkins LTS versions 2.204.1 and earlier
Description: The issue arises from the improper reuse of encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge...