16 matches found
CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
EUVD-2022-1902
Malicious code in bioql PyPI...
EUVD-2022-4815
Malicious code in bioql PyPI...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
SUSE CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
Cross-site scripting
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
CVE-2020-2317
The CVE-2020-2317 entry describes a stored XSS vulnerability in Jenkins FindBugs Plugin, affecting version 5.0.0 and earlier. The root cause is that the plugin does not escape the annotation message shown in tooltips, enabling an attacker who can supply report files to the plugin’s post-build ste...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
PT-2020-15551 · Jenkins · Jenkins Findbugs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins FindBugs Plugin versions 5.0.0 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the annotation message in tooltips is not properly escaped, allowing attackers to injec...
CloudBees Jenkins FindBugs plugin XML external entity injection vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools developed by the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. FindBugs Plugin is used in one of th...
Server-side request forgery (SSRF)
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000011
The CVE-2018-1000011 issue affects Jenkins FindBugs Plugin (version 4.71 and earlier). The root cause is XML External Entity (XXE) processing in files parsed during builds, enabling attackers with Jenkins user permissions to extract secrets from the Jenkins master, perform server-side request for...