24 matches found
CVE-2026-23882
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4...
EUVD-2022-2063
Malicious code in bioql PyPI...
JetBrains TeamCity security vulnerability
JetBrains TeamCity is a powerful continuous integration and continuous delivery (CI/CD) tool developed by JetBrains. JetBrains TeamCity suffers from a privilege issue vulnerability that originates from decrypting connection secrets without proper privileges by testing the connection endpoint. No...
GHSA-VPF7-Q2RX-26MH Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...
CSRF vulnerability in Jenkins Active Directory Plugin
Jenkins Active Directory Plugin 2.19 and earlier does not require POST requests for multiple HTTP endpoints implementing connection and authentication tests, resulting in cross-site request forgery (CSRF) vulnerabilities. This vulnerability allows attackers to perform connection tests, connecting t...
GHSA-2WF5-4MF7-VMH3 CSRF vulnerability in Jenkins Active Directory Plugin
Jenkins Active Directory Plugin 2.19 and earlier does not require POST requests for multiple HTTP endpoints implementing connection and authentication tests, resulting in cross-site request forgery (CSRF) vulnerabilities. This vulnerability allows attackers to perform connection tests, connecting t...
GHSA-VC7G-4269-F7HW Missing permission check in Blue Ocean Plugin
Updated 2020-09-16: This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it. Original Description: Blue Ocean Plugin 1.23.2 and earlier does not perform permission checks in several HTTP endpoints...
Missing permission check in Blue Ocean Plugin
Updated 2020-09-16: This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it. Original Description: Blue Ocean Plugin 1.23.2 and earlier does not perform permission checks in several HTTP endpoints...
Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...
Jenkins WebSphere Deployer Plugin missing permission check
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to perform connection tests, determine whether files with an attacker-specified path exist on the Jenkins controller file system...
jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests.
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2020-2303
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials...
Privilege Escalation
jenkins-2-plugins/blueocean is vulnerable to privilege escalation. The vulnerability exists as the Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests...
PT-2020-15479 · Jenkins · Jenkins Blue Ocean Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Blue Ocean Plugin versions 1.23.2 and earlier. Description: A missing permission check in the Jenkins Blue Ocean Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. The HTTP request itself is...
CVE-2019-16559
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...