19 matches found
EUVD-2022-5740
Malicious code in bioql PyPI...
EUVD-2022-2699
Malicious code in bioql PyPI...
CVE-2018-1000010
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
SUSE CVE-2017-1000103
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Persistent XSS vulnerability in Jenkins DRY Plugin
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
GHSA-63CJ-3R94-234V Persistent XSS vulnerability in Jenkins DRY Plugin
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
XXE vulnerability in Jenkins DRY Plugin
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
GHSA-X7QF-QH3R-MX22 XXE vulnerability in Jenkins DRY Plugin
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CloudBees Jenkins DRY plugin XML external entity injection vulnerability
CloudBees Jenkins is the U.S. CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . DRY Plugin is used in one of the duplicate code to simplify t...
Server side request forgery (ssrf)
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000010
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000010
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000010
CVE-2018-1000010 affects Jenkins DRY Plugin 2.49 and earlier, where parsing of XML files during builds enables XML External Entity (XXE) processing. The root cause is XXE handling in the plugin, allowing attackers with Jenkins user permissions to extract secrets from the Jenkins master, perform s...
CVE-2018-1000010
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CloudBees Static Analysis Utilities and DRY plugin cross-site scripting vulnerability
CloudBees Static Analysis Utilities is the United States CloudBees company's Jenkins Java-based development of continuous integration tools in a static analysis tool . DRY Plugin is one of the analysis report generation plug-in . A cross-site scripting vulnerability exists in the Details view in...
CVE-2017-1000103
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Cross site scripting
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
CVE-2017-1000103
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
CVE-2017-1000103
The CVE-2017-1000103 issue affects the CloudBees Static Analysis Utilities and DRY Plugin (Jenkins) where the Details view is vulnerable to persisted cross-site scripting. Malicious input could lead to insertion of arbitrary HTML into the view. The provided connected documents confirm the vulnera...