Lucene search
+L

6 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2908

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.02111EPSS
Exploits0References8
openvas
openvas
added 2019/04/17 12:0 a.m.74 views

Jenkins < 2.164.2 LTS and < 2.172 Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

8.1CVSS6.8AI score0.02111EPSS
Exploits0References1
prion
prion
added 2019/04/10 9:29 p.m.22 views

Authentication flaw

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based...

6.8CVSS7.3AI score0.02111EPSS
Exploits0References4Affected Software3
openvas
openvas
added 2019/01/23 12:0 a.m.304 views

Jenkins < 2.160 and < 2.150.2 LTS Multiple Vulnerabilities - Windows

Jenkins and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS7.2AI score0.01619EPSS
Exploits0References1
nvd
nvd
added 2019/01/22 2:29 p.m.40 views

CVE-2019-1003004

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have...

7.2CVSS7.5AI score0.01619EPSS
Exploits0References3
cve
cve
added 2019/01/22 2:0 p.m.159 views

CVE-2019-1003004

CVE-2019-1003004 affects Jenkins core (including 2.158 and earlier, LTS 2.150.1 and earlier) due to an improper authorization issue in AuthenticationProcessingFilter2.java that can extend an active HTTP session indefinitely, potentially for a user whose account was deleted. The connected records ...

7.2CVSS7.1AI score0.01619EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder