EUVD-2022-6299

Malicious code in bioql PyPI...

PT-2023-22761 · Jenkins · Jenkins Turboscript Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins TurboScript Plugin versions 1.3 and earlier Description: A missing permission check in the plugin allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. Recommendations...

jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git

A flaw was found in the Git Jenkins plugin. The affected versions of the Git Jenkins Plugin allow attackers to trigger the builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVE-2022-45389

A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository...

Design/Logic Flaw

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

CVE-2022-41238

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

CVE-2022-36883

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...