Lucene search
+L

41 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0784

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01107EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-2824

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01296EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/23 1:25 a.m.9 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS6.6AI score0.01097EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 12:4 a.m.9 views

CVE-2022-25207

A cross-site request forgery CSRF vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS6.8AI score0.00717EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:36 p.m.7 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS6.7AI score0.01107EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:7 a.m.12 views

CVE-2019-1003086

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01296EPSS
Exploits0References1
github
github
added 2022/05/13 1:25 a.m.22 views

CSRF vulnerability in Jenkins sinatra-chef-builder Plugin

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01296EPSS
Exploits0References5Affected Software1
osv
osv
added 2022/02/16 12:1 a.m.20 views

GHSA-FQ56-C7RJ-J3J9 Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE

Jenkins Chef Sinatra Plugin 1.20 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse the response as XML. As the plugin doe...

8.8CVSS8.7AI score0.01097EPSS
Exploits0References4
osv
osv
added 2022/02/16 12:1 a.m.29 views

GHSA-38W8-H222-WRPP Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra

Chef Sinatra Plugin 1.20 and earlier does not perform a permission check in a method implementing form validation. As the plugin does not configure its XML parser to prevent XML external entity XXE attacks, attackers can have Jenkins parse a crafted XML response that uses external entities for...

7.1CVSS8.5AI score0.01107EPSS
Exploits0References2
github
github
added 2022/02/16 12:1 a.m.30 views

Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra

Chef Sinatra Plugin 1.20 and earlier does not perform a permission check in a method implementing form validation. As the plugin does not configure its XML parser to prevent XML external entity XXE attacks, attackers can have Jenkins parse a crafted XML response that uses external entities for...

8.8CVSS4AI score0.01107EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2022/02/15 5:15 p.m.8 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS7.3AI score0.01107EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/02/15 5:15 p.m.5 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS7.3AI score0.01097EPSS
Exploits0References3
nvd
nvd
added 2022/02/15 5:15 p.m.37 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS0.01107EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/02/15 5:15 p.m.6 views

CVE-2022-25207

A cross-site request forgery CSRF vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS7.3AI score0.00717EPSS
Exploits0References3
nvd
nvd
added 2022/02/15 5:15 p.m.33 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS0.01097EPSS
Exploits0References2
osv
osv
added 2022/02/15 5:15 p.m.32 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS8.8AI score
Exploits0References2
nvd
nvd
added 2022/02/15 5:15 p.m.39 views

CVE-2022-25207

A cross-site request forgery CSRF vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS0.00717EPSS
Exploits0References2
osv
osv
added 2022/02/15 5:15 p.m.32 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS8.9AI score
Exploits0References1
osv
osv
added 2022/02/15 5:15 p.m.30 views

CVE-2022-25207

A cross-site request forgery CSRF vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS7AI score
Exploits0References2
prion
prion
added 2022/02/15 5:15 p.m.21 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

6.8CVSS8.7AI score0.00717EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder