39 matches found
EUVD-2023-2769
Malicious code in bioql PyPI...
EUVD-2023-2710
Malicious code in bioql PyPI...
EUVD-2022-3060
Malicious code in bioql PyPI...
CVE-2021-21647
Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission...
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
In Jenkins CloudBees CD Plugin, artifacts that were previously copied from an agent to the controller are deleted after publishing by the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory...
GHSA-JX7X-RF3F-J644 Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
In Jenkins CloudBees CD Plugin, artifacts that were previously copied from an agent to the controller are deleted after publishing by the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory...
GHSA-9GGW-H9MF-4JH7 Jenkins CloudBees CD Plugin vulnerable to arbitrary file read
Jenkins CloudBees CD Plugin temporarily copies files from an agent workspace to the controller in preparation for publishing them in the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the temporary directory...
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read
Jenkins CloudBees CD Plugin temporarily copies files from an agent workspace to the controller in preparation for publishing them in the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the temporary directory...
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
Design/Logic Flaw
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46655
CVE-2023-46655 affects Jenkins CloudBees CD Plugin 1.1.32 and earlier, which, during the CloudBees CD - Publish Artifact post-build step, follows symbolic links to locations outside the published artifacts directory. This can allow attackers who can configure jobs to publish arbitrary files from ...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46654
CVE-2023-46654 affects Jenkins CloudBees CD Plugin 1.1.32 and earlier. The cleanup step “CloudBees CD - Publish Artifact” follows symbolic links to locations outside the expected directory, enabling an attacker who can configure jobs to delete arbitrary files on the Jenkins controller filesystem....
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...
Jenkins Plugin CloudBees CD Backlinking Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2023-6543 · Cloudbees +1 · Jenkins Cloudbees Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees CD Plugin versions 1.1.32 and earlier Description: The issue is related to the handling of symbolic links during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step. This allows attackers who can...