
26 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-1178

Malicious code in bioql PyPI...

5.3 CVSS, 5.6 AI score, 0.00066 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/05/22 4:30 p.m., 7 views

CVE-2020-2288

In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling...

5.3 CVSS, 6.6 AI score, 0.00066 EPSS
Exploits 0

Github Security Blog
added 2022/05/24 5:30 p.m., 25 views

Incorrect default pattern in Jenkins Audit Trail Plugin

Jenkins Audit Trail Plugin uses regular expressions to match requested URLs whose dispatch should be logged. In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request...

5.3 CVSS, 5.4 AI score, 0.00066 EPSS
Exploits 0, References 5, Affected Software 1

Github Security Blog
added 2022/05/24 5:10 p.m., 32 views

XSS vulnerability in Jenkins Audit Trail Plugin

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message...

6.1 CVSS, 5.8 AI score, 0.44807 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2022/05/24 5:10 p.m., 20 views

GHSA-CJ2G-WWFV-MVJH XSS vulnerability in Jenkins Audit Trail Plugin

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message...

6.1 CVSS, 6 AI score, 0.44807 EPSS
Exploits 0, References 5

Github Security Blog
added 2022/02/10 8:29 p.m., 42 views

Request logging bypass in Jenkins Audit Trail Plugin

Audit Trail Plugin logs requests whose URL path matches an admin-configured regular expression. A discrepancy between the behavior of the plugin and the Stapler web framework in parsing URL paths allows attackers to craft URLs that would bypass request logging in Audit Trail Plugin 3.6 and earlie...

5.3 CVSS, 5.2 AI score, 0.00066 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2022/02/10 8:29 p.m., 25 views

GHSA-RPJ6-2Q8R-98F8 Request logging bypass in Jenkins Audit Trail Plugin

Audit Trail Plugin logs requests whose URL path matches an admin-configured regular expression. A discrepancy between the behavior of the plugin and the Stapler web framework in parsing URL paths allows attackers to craft URLs that would bypass request logging in Audit Trail Plugin 3.6 and earlie...

5.3 CVSS, 5.1 AI score, 0.00066 EPSS
Exploits 0, References 5

CNVD
added 2020/10/15 12:0 a.m., 4 views

CloudBees Jenkins Audit Trail Plugin Resource Management Error Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Audit Trail Plugin is used in one of the audi...

5.3 CVSS, 6.9 AI score, 0.00066 EPSS
Exploits 0, References 1

CNVD
added 2020/10/12 12:0 a.m., 3 views

CloudBees Jenkins Release Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Audit Trail Plugin is used in one of the audi...

5.4 CVSS, 6.3 AI score, 0.00233 EPSS
Exploits 0, References 1

CNVD
added 2020/10/11 12:0 a.m., 3 views

CloudBees Jenkins Role-based Authorization Strategy Plugin Privilege Obsolete Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Audit Trail Plugin is used in one of the audi...

8.8 CVSS, 6.8 AI score, 0.001 EPSS
Exploits 0, References 1

CNVD
added 2020/10/11 12:0 a.m., 2 views

CloudBees Jenkins Audit Trail Plugin URL Path Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Audit Trail Plugin is used in one of the audi...

5.3 CVSS, 6.8 AI score, 0.00066 EPSS
Exploits 0, References 1

OSV
added 2020/10/08 1:15 p.m., 19 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5.3 CVSS, 6.7 AI score
Exploits 0, References 2

Prion
added 2020/10/08 1:15 p.m., 18 views

Cross site request forgery (csrf)

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5 CVSS, 5.3 AI score, 0.00066 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2020/10/08 12:40 p.m., 80 views

CVE-2020-2287

CVE-2020-2287 affects the Jenkins Audit Trail Plugin (versions 3.6 and earlier). The vulnerability arises from how the plugin parses URL paths, using a different representation than the Stapler web framework, which can let an attacker craft URLs that bypass request logging for any target URL. The...

5.3 CVSS, 5.2 AI score, 0.00066 EPSS
Exploits 0, References 2, Affected Software 1

AlpineLinux
added 2020/10/08 12:40 p.m., 27 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5.3 CVSS, 4.4 AI score, 0.00066 EPSS
Exploits 0, References 2

Cvelist
added 2020/10/08 12:40 p.m., 19 views

CVE-2020-2288

In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling...

5.1 AI score, 0.00066 EPSS
Exploits 0, References 2

CVE
added 2020/10/08 12:40 p.m., 74 views

CVE-2020-2288

Jenkins Audit Trail Plugin (versions ≤ 3.6) contains a flaw where the default regular expression used to match URLs can be bypassed by appending arbitrary suffixes to requests, causing those requests to be ignored during handling. The issue is addressed in 3.7 and later; upgrading to 3.7+ is reco...

5.3 CVSS, 5.1 AI score, 0.00066 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/10/08 12:40 p.m., 13 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5.3 AI score, 0.00066 EPSS
Exploits 0, References 2

Positive Technologies
added 2020/10/08 12:0 a.m., 6 views

PT-2020-15517 · Jenkins · Stapler +2

Name of the Vulnerable Software and Affected Versions: Jenkins Audit Trail Plugin versions 3.6 and earlier
Description: The issue arises from a discrepancy in how the Audit Trail Plugin and the Stapler web framework parse URL paths, allowing attackers to craft URLs that bypass request logging. Th...

5.3 CVSS, 5.1 AI score, 0.00066 EPSS
Exploits 0, References 7

Positive Technologies
added 2020/10/08 12:0 a.m., 3 views

PT-2020-15518 · Jenkins · Jenkins Audit Trail Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Audit Trail Plugin versions 3.6 and earlier
Description: The default regular expression pattern in the Jenkins Audit Trail Plugin could be bypassed by adding a suffix to the URL that would be ignored during request handling. This issu...

5.3 CVSS, 5.2 AI score, 0.00066 EPSS
Exploits 0, References 7