19 matches found
EUVD-2023-1703
Malicious code in bioql PyPI...
EUVD-2023-1874
Malicious code in bioql PyPI...
CVE-2023-35149
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2023-35148
A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
Improper Validations
Jenkins Digital.ai App Management Publisher Plugin is vulnerable to Improper Validations. The vulnerability exists due to not performing permission checks in several HTTP endpoints which allows an attacker with read or overall permissions to capture sensitive data such as stored credentials...
Cross-Site Request Forgery (CSRF)
Jenkins Digital.ai App Management Publisher Plugin is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists because some HTTP endpoints do not require authentication, which allows an attacker to perform unauthorized actions...
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...
GHSA-5GHV-WXH9-7356 Jenkins Digital.ai App Management Publisher Plugin missing permission checks
Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
Jenkins Digital.ai App Management Publisher Plugin missing permission checks
Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
GHSA-R72X-2H45-P59X Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery
Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery
Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
CVE-2023-35149
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2023-35148
A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
Information disclosure
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2023-35149
CVE-2023-35149 concerns Jenkins Digital.ai App Management Publisher Plugin (versions ≤ 2.6). A missing permission check in the plugin’s HTTP endpoints allows attackers with Overall/Read to connect to an attacker‑specified URL and use credentials IDs, leading to credential exposure. The issue also...
CVE-2023-35148
A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2023-35148
CVE-2023-35148 refers to a CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin (version 2.6 and earlier). The core issue is missing permission checks across several HTTP endpoints, allowing an attacker with Overall/Read permission to cause the controller to connect to an atta...
Jenkins Plugin Digital.ai App Management Publisher 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...