Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.27 views

EUVD-2023-1551

Malicious code in bioql PyPI...

7.6CVSS6.5AI score0.00285EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.6 views

CVE-2023-30853

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...

7.6CVSS7AI score0.00285EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/22 12:48 p.m.2 views

Malicious code in matter_build_action (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/05/01 1:42 p.m.26 views

Data written to GitHub Actions Cache may expose secrets

Impact This vulnerability impacts GitHub workflows using the Gradle Build Action that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configured for the repository. Secrets configured for GitHub Actions are normally passed to the Gradle Build...

7.6CVSS6.5AI score0.00285EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/04/28 4:15 p.m.61 views

CVE-2023-30853

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...

7.6CVSS7.6AI score0.00285EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/28 3:10 p.m.8 views

CVE-2023-30853 Gradle Build Action data written to GitHub Actions Cache may expose secrets

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...

7.6CVSS7.6AI score0.00285EPSS
Exploits0References2
CVE
CVE
added 2023/04/28 3:10 p.m.43 views

CVE-2023-30853

CVE-2023-30853 describes an information disclosure in the Gradle Build Action for GitHub Actions when the configuration cache is enabled in versions prior to 2.4.2. Environment variables passed to Gradle can be persisted into GitHub Actions cache entries, which may be read by untrusted workflows ...

7.6CVSS7.1AI score0.00285EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/04/06 8:15 p.m.3 views

CVE-2023-1918

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglecallback function. This makes it possible for unauthenticated attackers to invoke a cache...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References4
NVD
NVD
added 2023/04/02 9:15 p.m.32 views

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...

5.4CVSS5.5AI score0.0056EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2023/03/23 11:26 a.m.26 views

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...

5.4CVSS5.6AI score0.0056EPSS
Exploits0References1
OSV
OSV
added 2022/05/13 1:18 a.m.22 views

GHSA-P9R2-GGHQ-HC57 Jenkins Multijob plugin did not check permissions in the Resume Build action

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. Multijob plugin 1.26 introduced a permission check requiring Overall/Administer. This was lowered to Job/Build in version 1.27...

4.3CVSS4.4AI score0.00709EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/05/31 12:0 a.m.8 views

PT-2019-11725 · Jenkins · Jenkins Artifactory Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Artifactory Plugin versions 3.2.2 and earlier Description: A cross-site request forgery issue allows attackers to perform certain actions, including scheduling a release build, performing release staging for Gradle and Maven projects,...

6.5CVSS6.6AI score0.00751EPSS
Exploits0References8
Prion
Prion
added 2018/01/26 2:29 a.m.13 views

Code injection

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build...

4CVSS4.5AI score0.00709EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder