26 matches found
EUVD-2022-2189
Malicious code in bioql PyPI...
EUVD-2022-4473
Malicious code in bioql PyPI...
EUVD-2023-1608
Malicious code in bioql PyPI...
EUVD-2022-5070
Malicious code in bioql PyPI...
CVE-2023-32990
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32988
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-32990
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32989
A cross-site request forgery CSRF vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32990
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32990
CVE-2023-32990 affects Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier. The root cause is missing permission checks in several HTTP endpoints, which allows attackers with Overall/Read permission to connect to an attacker-selected Azure Cloud server using credentials IDs obtained by ...
CVE-2023-32989
A cross-site request forgery CSRF vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32988
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-32988
CVE-2023-32988 affects Jenkins Azure VM Agents Plugin (852.v8d35f0960a_43 and earlier). The issue is a missing permission check on several HTTP endpoints, allowing users with Overall/Read permissions to enumerate credentials IDs stored in Jenkins. Exploitation details are not provided in the conn...
PT-2023-24121 · Jenkins · Jenkins Azure Vm Agents Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 852.v8d35f0960a 43 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials I...
Jenkins Plugin Azure VM Agents 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2023-24120 · Jenkins · Jenkins Azure Vm Agents Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 852.v8d35f0960a 43 and earlier Description: A missing permission check in the Jenkins Azure VM Agents Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials...
org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-app-service (>=0.1 <=0.4.2) +8 more potentially affected by CVE-2023-25768 via org.jenkins-ci.plugins:azure-credentials (>=1.0 <=1.6.1)
org.jenkins-ci.plugins:azure-credentials MAVEN version =1.0, =0.1.0, =0.1, =0.3.0, =0.6.0, =3.0.0, =0.1.0, =1.0.0, =0.4.8, =0.1.0, =1.3, =1.5 Source cves: CVE-2023-25768 Source advisory: OSV:GHSA-PX2R-CMR2-PHW7...
com.github.kostyasha.yet-another-docker:yet-another-docker-plugin (=0.2.0), org.jenkins-ci.plugins.nodesharing:node-sharing-executor (>=2.0.0 <=2.0.3) +3 more potentially affected by CVE-2021-21631 via org.jenkins-ci.plugins:cloud-stats (>=0.1 <=0.23)
org.jenkins-ci.plugins:cloud-stats MAVEN version =0.1, =2.0.0, =0.4.8, =2.15, =2.6, =2.42 Source cves: CVE-2021-21631 Source advisory: OSV:GHSA-XV69-6RF3-W5G2...
Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Information disclosure
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...