41 matches found
EUVD-2022-3021
Malicious code in bioql PyPI...
EUVD-2022-5450
Malicious code in bioql PyPI...
EUVD-2022-7233
Malicious code in bioql PyPI...
EUVD-2023-2769
Malicious code in bioql PyPI...
EUVD-2022-3060
Malicious code in bioql PyPI...
EUVD-2022-4391
Malicious code in bioql PyPI...
CVE-2021-21647
Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission...
CVE-2020-2211
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
GHSA-9GGW-H9MF-4JH7 Jenkins CloudBees CD Plugin vulnerable to arbitrary file read
Jenkins CloudBees CD Plugin temporarily copies files from an agent workspace to the controller in preparation for publishing them in the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the temporary directory...
GHSA-JX7X-RF3F-J644 Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
In Jenkins CloudBees CD Plugin, artifacts that were previously copied from an agent to the controller are deleted after publishing by the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46654
CVE-2023-46654 affects Jenkins CloudBees CD Plugin 1.1.32 and earlier. The cleanup step “CloudBees CD - Publish Artifact” follows symbolic links to locations outside the expected directory, enabling an attacker who can configure jobs to delete arbitrary files on the Jenkins controller filesystem....
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...
PT-2023-6543 · Cloudbees +1 · Jenkins Cloudbees Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees CD Plugin versions 1.1.32 and earlier Description: The issue is related to the handling of symbolic links during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step. This allows attackers who can...
PT-2023-30144 · Cloudbees +1 · Jenkins Cloudbees Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees CD Plugin versions 1.1.32 and earlier Description: The issue allows attackers who can configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. This i...
GHSA-7RX6-4VWV-432G Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds
Jenkins CloudBees CD Plugin does not perform a permission check in an HTTP endpoint. This allows attackers with Item/Read permission to schedule builds of projects without having Item/Build permission. Jenkins CloudBees CD Plugin requires Item/Build permission to schedule builds via its HTTP...
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
Data Theorem Mobile Security: CI/CD Plugin stored a proxy password unencrypted in job config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Data Theorem Mobile Security: CI/CD Plugin now...