5 matches found
EUVD-2024-0334
Malicious code in bioql PyPI...
jenkins-2-plugins: matrix-project plugin path traversal vulnerability
A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on...
jenkins-2-plugins: matrix-project plugin path traversal vulnerability
A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on...
jenkins-2-plugins: matrix-project plugin path traversal vulnerability
A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on...
PT-2024-2757 · Jenkins +1 · Jenkins Matrix Project Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Project Plugin versions 822.v01b 8c85d16d2 and earlier Description: The issue is related to the lack of sanitization of user-defined axis names of multi-configuration projects. This allows attackers with Item/Configure permissi...