45 matches found
EUVD-2022-6687
Malicious code in bioql PyPI...
EUVD-2022-6890
Malicious code in bioql PyPI...
EUVD-2022-6728
Malicious code in bioql PyPI...
CVE-2022-41255
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-41253
A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41252
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
API token stored in plain text by Jenkins CONS3RT Plugin
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller as part of its configuration. This API token can be viewed by users with access to the Jenkins controller file system...
GHSA-P37P-WG92-2FC4 Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
GHSA-48Q3-5297-WMMX CSRF vulnerability in Jenkins CONS3RT Plugin allows capturing credentials
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
GHSA-FMQ9-R4P2-8272 API token stored in plain text by Jenkins CONS3RT Plugin
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller as part of its configuration. This API token can be viewed by users with access to the Jenkins controller file system...
Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
CSRF vulnerability in Jenkins CONS3RT Plugin allows capturing credentials
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
GHSA-74X9-FHC2-P79F Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
CVE-2022-41255
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-41254
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41254
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41255
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-41252
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-41253
A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...