Lucene search
+L

89 matches found

Snyk
Snyk
added 2026/03/26 7:32 a.m.6 views

Arbitrary Code Injection

Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Arbitrary Code Injection via the systempackages handling in the Dockerfile generation and image command paths. An attacker can execute arbitrary shell commands during bentoml...

8.6CVSS6.5AI score0.00257EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 8:37 a.m.11 views

CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.9 views

CVE-2024-2215

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

6.1CVSS6.8AI score0.00408EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/11/02 5:46 a.m.153 views

Exploit for CVE-2024-7387

overview cve-2024-7387https://nvd.nist.gov/vuln/detail/C...

9.1CVSS7.8AI score0.02301EPSS
Exploits3
GithubExploit
GithubExploit
added 2025/11/02 5:46 a.m.168 views

Exploit for CVE-2024-7387

overview cve-2024-7387https://nvd.nist.gov/vuln/detail/C...

9.1CVSS7.8AI score0.02301EPSS
Exploits3
OSV
OSV
added 2025/03/31 3:21 p.m.6 views

CVE-2025-3047 Path Traversal in AWS SAM CLI allows file copy to build container

When running the AWS Serverless Application Model Command Line Interface SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...

6.9CVSS6AI score0.00724EPSS
Exploits0References5
NVD
NVD
added 2024/12/31 3:15 a.m.16 views

CVE-2024-45497

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

7.6CVSS0.00548EPSS
Exploits0References9
Prion
Prion
added 2024/12/31 3:15 a.m.16 views

CVE-2024-45497

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

7.6CVSS0.00548EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/31 2:19 a.m.29 views

CVE-2024-45497 Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

7.6CVSS0.00548EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/09/19 5:30 a.m.24 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.37 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

9.9CVSS7.3AI score0.02301EPSS
Exploits4References3
SUSE CVE
SUSE CVE
added 2024/08/26 2:13 a.m.4 views

SUSE CVE-2024-24557

Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...

6.9CVSS8.6AI score0.00258EPSS
Exploits0References3
Veracode
Veracode
added 2024/03/12 7:40 a.m.15 views

Improper Authorization

org.jenkins-ci.plugins:docker-build-step is vulnerable to Improper Authorization. The vulnerability is due to inadequate permission validation, allowing attackers with Overall/Read permission to connect to attacker-specified TCP or Unix socket URLs and reconfigure the plugin using provided...

8.8CVSS6.7AI score0.00826EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/03/06 6:30 p.m.23 views

GHSA-64C5-R2H5-C2FG Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

6.3CVSS6.4AI score0.00408EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 6:30 p.m.15 views

GHSA-8H2M-54WH-GWJ3 Jenkins docker-build-step Plugin missing permission check

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...

6.3CVSS8.5AI score0.00826EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/03/06 6:30 p.m.34 views

Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

6.1CVSS6.8AI score0.00408EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/06 6:30 p.m.29 views

Jenkins docker-build-step Plugin missing permission check

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...

8.8CVSS6.7AI score0.00826EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/03/06 5:15 p.m.46 views

CVE-2024-2215

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

6.1CVSS5.7AI score0.00408EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 5:15 p.m.7 views

CVE-2024-2215

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

6.1CVSS6.7AI score
Exploits0References2
NVD
NVD
added 2024/03/06 5:15 p.m.40 views

CVE-2024-2216

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...

8.8CVSS5.6AI score0.00826EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 5:15 p.m.6 views

CVE-2024-2216

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...

8.8CVSS6.6AI score
Exploits0References2
Rows per page
Query Builder