26 matches found
EUVD-2022-2189
Malicious code in bioql PyPI...
EUVD-2022-4473
Malicious code in bioql PyPI...
EUVD-2023-1608
Malicious code in bioql PyPI...
EUVD-2022-5070
Malicious code in bioql PyPI...
CVE-2023-32990
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32988
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-32990
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32989
A cross-site request forgery CSRF vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32990
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32990
CVE-2023-32990 affects Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier. The root cause is missing permission checks in several HTTP endpoints, which allows attackers with Overall/Read permission to connect to an attacker-selected Azure Cloud server using credentials IDs obtained by ...
CVE-2023-32989
A cross-site request forgery CSRF vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32988
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-32988
CVE-2023-32988 affects Jenkins Azure VM Agents Plugin (852.v8d35f0960a_43 and earlier). The issue is a missing permission check on several HTTP endpoints, allowing users with Overall/Read permissions to enumerate credentials IDs stored in Jenkins. Exploitation details are not provided in the conn...
Jenkins Plugin Azure VM Agents 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2023-24120 · Jenkins · Jenkins Azure Vm Agents Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 852.v8d35f0960a 43 and earlier Description: A missing permission check in the Jenkins Azure VM Agents Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials...
PT-2023-24121 · Jenkins · Jenkins Azure Vm Agents Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 852.v8d35f0960a 43 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials I...
org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-app-service (>=0.1 <=0.4.2) +8 more potentially affected by CVE-2023-25768 via org.jenkins-ci.plugins:azure-credentials (>=1.0 <=1.6.1)
org.jenkins-ci.plugins:azure-credentials MAVEN version =1.0, =0.1.0, =0.1, =0.3.0, =0.6.0, =3.0.0, =0.1.0, =1.0.0, =0.4.8, =0.1.0, =1.3, =1.5 Source cves: CVE-2023-25768 Source advisory: OSV:GHSA-PX2R-CMR2-PHW7...
com.github.kostyasha.yet-another-docker:yet-another-docker-plugin (=0.2.0), org.jenkins-ci.plugins.nodesharing:node-sharing-executor (>=2.0.0 <=2.0.3) +3 more potentially affected by CVE-2021-21631 via org.jenkins-ci.plugins:cloud-stats (>=0.1 <=0.23)
org.jenkins-ci.plugins:cloud-stats MAVEN version =0.1, =2.0.0, =0.4.8, =2.15, =2.6, =2.42 Source cves: CVE-2021-21631 Source advisory: OSV:GHSA-XV69-6RF3-W5G2...
Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Information disclosure
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...