48 matches found
EUVD-2023-1971
Malicious code in bioql PyPI...
EUVD-2022-5388
Malicious code in bioql PyPI...
EUVD-2023-2062
Malicious code in bioql PyPI...
EUVD-2022-2174
Malicious code in bioql PyPI...
EUVD-2022-4864
Malicious code in bioql PyPI...
CVE-2023-37964
A cross-site request forgery CSRF vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10351
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10366
Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Jenkins ElasticBox CI Plugin vulnerable to cross-site request forgery
Jenkins ElasticBox CI Plugin 5.0.1 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
CVE-2023-37964
A cross-site request forgery CSRF vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-37964
A cross-site request forgery CSRF vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-37965
CVE-2023-37965 affects the Jenkins ElasticBox CI Plugin (versions 5.0.1 and earlier). The root cause is missing permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained th...
CVE-2023-37964
A cross-site request forgery CSRF vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-37964
CVE-2023-37964 is a CSRF vulnerability affecting Jenkins ElasticBox CI Plugin 5.0.1 and earlier. The issue allows an attacker to cause Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, which can result in credentials stored i...
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
GHSA-485Q-V457-3P58 Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
GHSA-Q2WV-M3PQ-XPV9 Credentials transmitted in plain text by Skytap Cloud CI Plugin
Skytap Cloud CI Plugin stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Skytap Cloud CI Plugin 2.07 and earlier. These credentials could be viewed by...
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Skytap Cloud CI Plugin stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Skytap Cloud CI Plugin 2.07 and earlier. These credentials could be viewed by...