36 matches found
EUVD-2022-6974
Malicious code in bioql PyPI...
EUVD-2022-6761
Malicious code in bioql PyPI...
CVE-2022-41238
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
CVE-2022-41239
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2022-41237
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
GHSA-Q9G4-9FX4-V533 Stored XSS vulnerability in Jenkins DotCi Plugin
DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted commit notifications to the...
GHSA-9MC6-VGMQ-X6XF Lack of authentication mechanism in Jenkins DotCi Plugin webhook
DotCi Plugin provides a webhook endpoint at /githook/ that can be used to trigger builds of the job for a GitHub repository. In DotCi Plugin 2.40.00 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attackers to trigger builds of jobs corresponding to...
Stored XSS vulnerability in Jenkins DotCi Plugin
DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted commit notifications to the...
Lack of authentication mechanism in Jenkins DotCi Plugin webhook
DotCi Plugin provides a webhook endpoint at /githook/ that can be used to trigger builds of the job for a GitHub repository. In DotCi Plugin 2.40.00 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attackers to trigger builds of jobs corresponding to...
RCE vulnerability in Jenkins DotCi Plugin
DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by attackers able to modify .ci.yml files in SCM. This plugin has been suspended...
GHSA-X3JJ-RGW9-7R5G RCE vulnerability in Jenkins DotCi Plugin
DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by attackers able to modify .ci.yml files in SCM. This plugin has been suspended...
CVE-2022-41237
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2022-41239
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2022-41238
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
CVE-2022-41238
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
CVE-2022-41237
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
Cross site scripting
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...
Design/Logic Flaw
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
CVE-2022-41239
Summary: CVE-2022-41239 affects the Jenkins DotCi Plugin (version ≤ 2.40.00). The issue is a lack of escaping the GitHub user name parameter in commit notifications when displayed in a build cause, which leads to a stored cross-site scripting (XSS) vulnerability. Affected component: Jenkins DotCi...
CVE-2022-41239
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...