Malicious Package

Overview postingzon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

plugin: missing permission checks in Blue Ocean Plugin

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

Magecart Hackers Compromise 80 More eCommerce Sites to Steal Credit Cards

Cybersecurity researchers have discovered over 80 Magecart compromised e-commerce websites that were actively sending credit card information of online shoppers to the attackers-controlled servers. Operating their businesses in the United States, Canada, Europe, Latin America, and Asia, many of...

PT-2019-11681 · Jenkins · Jenkins Jenkins-Reviewbot Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-reviewbot Plugin affected versions not specified Description: A missing permission check in the ReviewboardDescriptordoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connectio...