11 matches found
EUVD-2023-1184
Malicious code in bioql PyPI...
EUVD-2023-1224
Malicious code in bioql PyPI...
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...
GHSA-48G9-H7G5-8PW2 Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...
Jenkins Convert To Pipeline Plugin vulnerable to command injection
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations. This allows attackers able to configure Freestyle projects to prepare a crafted...
GHSA-7C44-M589-36W7 Jenkins Convert To Pipeline Plugin vulnerable to command injection
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations. This allows attackers able to configure Freestyle projects to prepare a crafted...
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution RCE...
CVE-2023-28677
The CVE-2023-28677 entry concerns the Jenkins Convert To Pipeline Plugin (1.0 and earlier). The vulnerability arises from using basic string concatenation to convert Freestyle projects’ Build Environment, Build Steps, and Post-build Actions into Pipeline invocations, enabling an attacker who can ...
CVE-2023-28676
CVE-2023-28676 describes a cross-site request forgery (CSRF) vulnerability in the Jenkins Convert To Pipeline Plugin, version 1.0 and earlier. The flaw allows an attacker to create a Pipeline based on a Freestyle project, which can potentially lead to remote code execution (RCE). Public reference...