10 matches found
EUVD-2023-1967
Malicious code in bioql PyPI...
GHSA-WGVX-9RH5-4G4M Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery
Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...
CVE-2023-37962
A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...
CVE-2023-37963
A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...
CVE-2023-37963
CVE-2023-37963 – Jenkins Benchmark Evaluator Plugin: A missing permission check in the Benchmark Evaluator Plugin (versions 1.0.1 and earlier) allows attackers with Overall/Read to connect to an attacker-specified URL and to check for the existence of directories, ".csv", and ".ycsb" files on th...
CVE-2023-37962
A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...
CVE-2023-37962
A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...
CVE-2023-37962
CVE-2023-37962 concerns Jenkins Benchmark Evaluator Plugin versions 1.0.1 and earlier. A CSRF flaw arises because a form-validation method lacks a permission check and does not require POST, enabling attackers with Overall/Read permission to trigger connections to attacker-specified URLs and to p...
PT-2023-26211 · Jenkins · Jenkins Benchmark Evaluator Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Benchmark Evaluator Plugin versions 1.0.1 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb...