Malicious code in pyxis-config-eslint-plugin-exec (npm)
Source: amazon-inspector. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2022-4612
Malicious code in bioql PyPI...
EUVD-2022-2644
Malicious code in bioql PyPI...
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to change the contents of the Topaz Workbench CLI home directory on agents to have Jenkins parse a crafted file that uses...
CVE-2022-41226
CVE-2022-41226 affects Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier. The connected sources confirm the root cause is that the plugin’s XML parser is not configured to mitigate XML External Entity (XXE) attacks. This can enable XXE in parsing XML data, with the documented impli...
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Configuration as Code Plugin logs the changes it applies to the Jenkins system log. Secrets such as passwords should be masked, i.e. replaced with asterisks, in that log to prevent accidental disclosure. Configuration as Code Plugin inspects the type and looks for a field, getter, or constructor...
CVE-2020-2311
The vulnerability CVE-2020-2311 affects Jenkins AWS Global Configuration Plugin (versions 1.5 and earlier). The root cause is a missing permission check in an HTTP endpoint that processes form submissions, enabling attackers with Overall/Read permission to replace the global AWS configuration. Im...