16 matches found
EUVD-2022-2602
Malicious code in bioql PyPI...
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...
GHSA-7H24-4X4C-69MF Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...
GHSA-5HVR-3FCR-WX8C Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
CloudBees Jenkins Alauda Kubernetes Suport plugin cross-site request forgery vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
CVE-2019-16576
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...
Design/Logic Flaw
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
CVE-2019-16576
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...
CVE-2019-16576
CVE-2019-16576 affects Jenkins Alauda Kubernetes Support Plugin (versions 2.3.0 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, potenti...
CVE-2019-16575
CVE-2019-16575 describes a cross-site request forgery in the Jenkins Alauda Kubernetes Support Plugin (versions ≤ 2.3.0). An attacker can coax the Jenkins instance to connect to a URL of their choosing using attacker-specified credentials IDs, potentially exposing the Kubernetes service account t...
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
PT-2019-14730 · Jenkins · Jenkins Alauda Kubernetes Support Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the...