34 matches found
CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
EUVD-2022-1902
Malicious code in bioql PyPI...
EUVD-2022-4815
Malicious code in bioql PyPI...
CVE-2024-5273
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
GHSA-CW5R-JX8R-9F7X Jenkins Report Info Plugin Path Traversal vulnerability
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permissio...
Jenkins Report Info Plugin Path Traversal vulnerability
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permissio...
CVE-2024-5273
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...
CVE-2024-5273
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...
CVE-2024-5273
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...
SUSE CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) potentially affected by CVE-2020-2317 via org.jvnet.hudson.plugins:findbugs (>=4.51 <=4.62)
org.jvnet.hudson.plugins:findbugs MAVEN version =4.51, =1.7.2, =1.0.0, =1.7.1 Source cves: CVE-2020-2317 Source advisory: OSV:GHSA-24G8-35X9-FV8R...
GHSA-24G8-35X9-FV8R Stored XSS vulnerability in Jenkins FindBugs Plugin
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
Stored XSS vulnerability in Jenkins FindBugs Plugin
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +2 more potentially affected by CVE-2018-1000011 via org.jvnet.hudson.plugins.findbugs:library (>=1.3.10-hudson3 <=4.0.0)
org.jvnet.hudson.plugins.findbugs:library MAVEN version =1.3.10-hudson3, =1.7.2, =1.0.0, =1.0.0, =4.3, =5.0.0-beta3 Source cves: CVE-2018-1000011 Source advisory: OSV:GHSA-PR9H-G7P7-RRQH...
GHSA-PR9H-G7P7-RRQH XML External Entity Reference in Jenkins FindBugs Plugin
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
XML External Entity Reference in Jenkins FindBugs Plugin
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CloudBees Jenkins FindBugs Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...