41 matches found
EUVD-2022-0784
Malicious code in bioql PyPI...
EUVD-2022-2824
Malicious code in bioql PyPI...
CVE-2022-25208
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...
CVE-2022-25207
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...
CVE-2022-25209
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2019-1003086
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CSRF vulnerability in Jenkins sinatra-chef-builder Plugin
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
GHSA-FQ56-C7RJ-J3J9 Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE
Jenkins Chef Sinatra Plugin 1.20 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse the response as XML. As the plugin doe...
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
Chef Sinatra Plugin 1.20 and earlier does not perform a permission check in a method implementing form validation. As the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, attackers can have Jenkins parse a crafted XML response that uses external entities for...
GHSA-38W8-H222-WRPP Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
Chef Sinatra Plugin 1.20 and earlier does not perform a permission check in a method implementing form validation. As the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, attackers can have Jenkins parse a crafted XML response that uses external entities for...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...