34 matches found
EUVD-2022-4091
Malicious code in bioql PyPI...
CVE-2020-2094
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient...
CVE-2020-2093
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient...
CVE-2025-47885
Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...
GHSA-XRPQ-4G9W-QRWJ Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting
Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...
Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting
Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...
CVE-2025-47885
Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...
CVE-2025-47885
Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...
CVE-2025-47885
Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...
CVE-2025-47885
CVE-2025-47885 affects Jenkins Health Advisor by CloudBees Plugin (374.v194b_d4f0c8c8 and earlier). The root cause is failure to escape responses from the Jenkins Health Advisor server, resulting in a stored XSS vulnerability that can be exploited by an attacker who can control server responses. ...
CVE-2025-47885
Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...
PT-2025-21238 · Cloudbees +1 · Jenkins Health Advisor By Cloudbees Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Health Advisor by CloudBees Plugin versions 374.v194b d4f0c8c8 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not escape responses from the Jenkins...
PT-2022-27487 · Cloudbees +1 · Jenkins Cloudbees Docker Hub/Registry Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees Docker Hub/Registry Notification Plugin versions 2.6.2 and earlier Description: A missing permission check in the Jenkins CloudBees Docker Hub/Registry Notification Plugin allows unauthenticated attackers to trigger builds o...
Incorrect permission check in Health Advisor by CloudBees Plugin
Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view an administrative configuration page. Health Advisor by CloudBees Plugin 3.2.1 requires Overall/Administer to view its...
Missing permission checks in Health Advisor by CloudBees Plugin
Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient. Additionally, these form validation methods do not requir...
GHSA-H72V-652W-XV64 Missing permission checks in Health Advisor by CloudBees Plugin
Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient. Additionally, these form validation methods do not requir...
GHSA-FC92-8R77-9297 CSRF vulnerability in Health Advisor by CloudBees Plugin
Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient. Additionally, these form validation methods do not requir...
CSRF vulnerability in Health Advisor by CloudBees Plugin
Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient. Additionally, these form validation methods do not requir...
PT-2020-15483 · Cloudbees +1 · Jenkins Health Advisor By Cloudbees Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Health Advisor by CloudBees Plugin versions 3.2.0 and earlier Description: The issue arises from an incorrect permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view the endpoint, which includes a...
CVE-2020-2093
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient...