63 matches found
CVE-2026-10276
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
JetBrains TeamCity < 2025.11.5 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.5. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access CVE-2026-44413 - In JetBrains TeamCity...
CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
EUVD-2026-33380
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
CVE-2026-49372
CVE-2026-49372 affects JetBrains TeamCity prior to 2026.1, with an unauthenticated SSRF via build status disclosed (noted as of 2025.11.5). The available sources confirm the vulnerability class (SSRF) and the affected product/version window, but do not provide patch details or remediation steps i...
PT-2026-44952
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity version 2025.11.5 Description An unauthenticated Server-Side Request Forgery SSRF is possible via the build status. SSRF is a flaw that allows an attacker to induce the server-side...
EUVD-2012-1131
Malware in sbrugna...
EUVD-2019-15045
Malware in sbrugna...
EUVD-2022-6198
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-5463
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was...
CVE-2022-34180
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...
CVE-2019-5463
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
CVE-2019-10335
A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages...
SUSE CVE-2012-1095
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted 1 build log or 2 build status that contains an escape sequence for a terminal emulator...
GHSA-XXHF-XQ6V-C8MJ Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement
Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access. This allows attackers without any permissions to obtain the build status badge icon for any attacker-specified job...