72 matches found
EUVD-2022-3909
Malicious code in bioql PyPI...
EUVD-2022-4145
Malicious code in bioql PyPI...
EUVD-2022-5406
Malicious code in bioql PyPI...
EUVD-2023-2288
Malicious code in bioql PyPI...
EUVD-2022-2616
Malicious code in bioql PyPI...
EUVD-2022-5335
Malicious code in bioql PyPI...
jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials
A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials
A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
Jenkins Blue Ocean Plugin cross-site request forgery vulnerability
Jenkins Blue Ocean Plugin 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an...
CVE-2023-40341
A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
CVE-2023-40341
A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
CVE-2023-40341
CVE-2023-40341 is a cross-site request forgery (CSRF) vulnerability in the Jenkins Blue Ocean Plugin, affecting version 1.27.5 and earlier. The flaw allows an attacker to cause the Jenkins instance to connect to an attacker-specified URL, enabling capture of GitHub credentials associated with a j...
CVE-2023-40341
A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
CVE-2023-40341
A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
plugin: missing permission checks in Blue Ocean Plugin
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
plugin: missing permission checks in Blue Ocean Plugin
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...