EUVD-2022-3596

Malicious code in bioql PyPI...

EUVD-2022-5780

Malicious code in bioql PyPI...

Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin

Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability...

GHSA-MFCW-83QG-4VW3 Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin

Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability...

Design/Logic Flaw

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

Jenkins Compuware Xpediter Code Coverage Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CVE-2022-43424

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

CVE-2022-43424

CVE-2022-43424 affects the Jenkins Compuware Xpediter Code Coverage Plugin (versions 1.0.7 and earlier). The vulnerability arises from an agent/controller message that is not restricted where it can be executed, enabling an attacker who can control agent processes to read Java system properties f...

CVE-2022-36897

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

CVE-2022-36897

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

Design/Logic Flaw

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

Jenkins Compuware Xpediter Code Coverage Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

GHSA-CMGM-Q8HF-P7JC XXE vulnerability in Jenkins Code Coverage API Plugin

Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the "Publish Coverage Report" post-build step to have Jenkins parse a crafted file that uses external entities for...

Jenkins 代码问题漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Code Coverage API Plugin 1.4.0 and prior versions, which stems from an...

PT-2020-15382 · Jenkins · Jenkins Code Coverage Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Code Coverage API Plugin versions 1.1.4 and earlier Description: The issue allows a user who can control the input files for the "Publish Coverage Report" post-build step to have Jenkins parse a crafted file that uses external entitie...

CloudBees Jenkins Code Coverage API Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

PT-2020-15313 · Jenkins · Jenkins Code Coverage Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Code Coverage API Plugin versions 1.1.2 and earlier Description: The issue is related to a stored XSS vulnerability. It occurs because the filename of the coverage report used in its view is not properly escaped, allowing users who ca...