Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2022-4454

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01034EPSS
Exploits0References5
CVE
CVE
added 2022/06/22 2:41 p.m.107 views

CVE-2022-34184

CVE-2022-34184 affects Jenkins CRX Content Package Deployer Plugin 1.9 and earlier. The issue is that the name and description of CRX Content Package Choice parameters are not escaped on parameter views, causing stored XSS exploitable by attackers with Item/Configure permission. Connected sources...

5.4CVSS5.2AI score0.00759EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/10/16 2:15 p.m.21 views

CVE-2019-10437

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS8.6AI score0.00836EPSS
Exploits0References1
OSV
OSV
added 2019/10/16 2:15 p.m.18 views

CVE-2019-10437

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2019/10/16 2:15 p.m.16 views

CVE-2019-10439

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS6.6AI score
Exploits0References1
CVE
CVE
added 2019/10/16 1:0 p.m.78 views

CVE-2019-10439

The CVE-2019-10439 issue affects Jenkins CRX Content Package Deployer Plugin, with vulnerable versions ≤ 1.8.1. A missing permission check in various doFillCredentialsIdItems methods allows users with Overall/Read access to enumerate credentials IDs stored in Jenkins. Exploitation context is not ...

4.3CVSS4.4AI score0.00664EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/10/16 1:0 p.m.115 views

CVE-2019-10438

Jenkins CRX Content Package Deployer Plugin suffered a missing permission check in versions 1.8.1 and earlier, allowing attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs retrieved through another method, thereby capturing credentials stor...

6.5CVSS6.3AI score0.01034EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/10/16 1:0 p.m.24 views

CVE-2019-10439

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.4AI score0.00664EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/16 1:0 p.m.30 views

CVE-2019-10438

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.3AI score0.01034EPSS
Exploits0References1
CVE
CVE
added 2019/10/16 1:0 p.m.72 views

CVE-2019-10437

The CVE-2019-10437 vulnerability affects Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier. It is a cross-site request forgery (CSRF) issue in which an attacker can cause a Jenkins instance to connect to an attacker-specified URL using credentials IDs obtained through another...

8.8CVSS8.5AI score0.00836EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder