20 matches found
EUVD-2023-0355
Malicious code in bioql PyPI...
EUVD-2023-0346
Malicious code in bioql PyPI...
CVE-2023-24459
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2023-24458
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...
GHSA-67W4-W877-JV29 Missing permission check in Jenkins BearyChat Plugin
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2023-24458
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2023-24458
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2023-24459
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Information disclosure
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...
Jenkins Plugin BearyChat Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin BearyChat Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-24458
CVE-2023-24458 is a CSRF vulnerability in the Jenkins BearyChat Plugin (versions 3.0.2 and earlier). The issue arises in a form-validation path, allowing an attacker with Overall/Read permission to cause the Jenkins controller to connect to an attacker‑specified URL. The linked documents corrobor...
CVE-2023-24458
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...
PT-2023-19618 · Jenkins · Jenkins Bearychat Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BearyChat Plugin versions 3.0.2 and earlier Description: A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified URL. Recommendations: For Jenkins BearyChat Plugin versions 3.0.2 and earlier, updat...
PT-2023-19619 · Jenkins · Jenkins Bearychat Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BearyChat Plugin versions 3.0.2 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. Recommendations: For Jenkins BearyChat Plugin...
CVE-2023-24459
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2023-24458
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2023-24458
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2023-24459
The CVE-2023-24459 entry affects the Jenkins BearyChat Plugin (versions 3.0.2 and earlier). The root cause is a missing permission check in a form-validation path within the plugin, allowing attackers with Overall/Read permission to cause the plugin to connect to an attacker-specified URL. The vu...