Insertion of Sensitive Information into Log File

Overview org.springframework.cloud:spring-cloud-config-server is a library that provides an HTTP resource-based API for external configuration. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File through the AwsCodeCommitCredentialProvider class in...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1884 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)

org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...

EUVD-2023-2477

Malicious code in bioql PyPI...

EUVD-2023-2499

Malicious code in bioql PyPI...

EUVD-2023-2560

Malicious code in bioql PyPI...

EUVD-2023-1900

Malicious code in bioql PyPI...

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926), br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1) +148 more potentially affected by CVE-2025-58458 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=6.3.0)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =29.v7c3891a434c3, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.1.2 and more Source cves: CVE-2025-58458 Source advisory: OSV:GHSA-G2PQ-9JR7-W6GV...

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CVE-2023-41941

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1819 more potentially affected by CVE-2025-31720 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.492.2)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2025-31720 Source advisory: OSV:GHSA-565R-PF5Q-45V6...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-43045 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.452.3)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-43045 Source advisory: OSV:GHSA-8PV9-QH96-9HC6...

CVE-2024-37293

The AWS Deployment Framework ADF is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...

CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation

The AWS Deployment Framework ADF is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...

CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation

The AWS Deployment Framework ADF is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...

New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services

A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services AWS offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm...

Jenkins plugins Multiple Vulnerabilities (2023-09-06)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a histo...

HTML injection vulnerability in Jenkins AWS CodeCommit Trigger Plugin

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...

Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins...

GHSA-G4QF-5523-7WVF HTML injection vulnerability in Jenkins AWS CodeCommit Trigger Plugin

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...

CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...