10 matches found
EUVD-2022-4454
Malicious code in bioql PyPI...
CVE-2022-34184
CVE-2022-34184 affects Jenkins CRX Content Package Deployer Plugin 1.9 and earlier. The issue is that the name and description of CRX Content Package Choice parameters are not escaped on parameter views, causing stored XSS exploitable by attackers with Item/Configure permission. Connected sources...
CVE-2019-10437
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10437
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10439
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10439
The CVE-2019-10439 issue affects Jenkins CRX Content Package Deployer Plugin, with vulnerable versions ≤ 1.8.1. A missing permission check in various doFillCredentialsIdItems methods allows users with Overall/Read access to enumerate credentials IDs stored in Jenkins. Exploitation context is not ...
CVE-2019-10438
Jenkins CRX Content Package Deployer Plugin suffered a missing permission check in versions 1.8.1 and earlier, allowing attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs retrieved through another method, thereby capturing credentials stor...
CVE-2019-10439
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10438
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10437
The CVE-2019-10437 vulnerability affects Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier. It is a cross-site request forgery (CSRF) issue in which an attacker can cause a Jenkins instance to connect to an attacker-specified URL using credentials IDs obtained through another...