40 matches found
CVE-2026-48925
A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...
Jenkins GitHub Integration Plugin 安全漏洞
The Jenkins GitHub Integration Plugin is an open-source integration plugin for Jenkins. Versions of the Jenkins GitHub Integration Plugin prior to 0.7.3 have security vulnerabilities; these vulnerabilities stem from cross-site request forgery attacks, which could allow attackers to trigger build...
GHSA-MRPQ-9JR3-RQQ9 Jenkins MCP Server Plugin does not perform permission checks in multiple MCP tools
Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in several MCP tools. This allows to do the following: - Attackers with Item/Read permission can obtain information about the configured SCM in a job despite lacking Item/Extended Read permission getJobScm...
Jenkins MCP Server Plugin does not perform permission checks in multiple MCP tools
Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in several MCP tools. This allows to do the following: - Attackers with Item/Read permission can obtain information about the configured SCM in a job despite lacking Item/Extended Read permission getJobScm...
EUVD-2020-6465
Malware in sbrugna...
EUVD-2024-0969
Malicious code in bioql PyPI...
EUVD-2022-7357
Malicious code in bioql PyPI...
EUVD-2024-1005
Malicious code in bioql PyPI...
CVE-2024-28158
A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
CVE-2022-45385
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...
CVE-2020-2141
A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce...
Jenkins Subversion Partial Release Manager Plugin missing permission check
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...
GHSA-RV35-69FF-G9GV Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery
A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
CVE-2024-28159
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...
CVE-2024-28158
A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
CVE-2024-28159
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...
CVE-2024-28158
A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
CVE-2024-28158
A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
Jenkins: Temporary file parameter created with insecure permissions
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...