Lucene search
+L

15 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-7050

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00617EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/22 9:46 p.m.9 views

CVE-2022-43435

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.3CVSS6.8AI score0.00617EPSS
Exploits0References1
osv
osv
added 2022/10/19 7:0 p.m.33 views

GHSA-7RRJ-HQV6-FVPP Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...

8CVSS5.2AI score0.00617EPSS
Exploits0References4
github
github
added 2022/10/19 7:0 p.m.42 views

Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...

5.3CVSS5.3AI score0.00617EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2022/10/19 4:15 p.m.39 views

CVE-2022-43435

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.3CVSS0.00617EPSS
Exploits0References2
osv
osv
added 2022/10/19 4:15 p.m.22 views

CVE-2022-43435

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.3CVSS5.3AI score
Exploits0References2
prion
prion
added 2022/10/19 4:15 p.m.21 views

Design/Logic Flaw

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5CVSS5.3AI score0.00617EPSS
Exploits0References2Affected Software1
cve
cve
added 2022/10/19 12:0 a.m.90 views

CVE-2022-43435

The CVE-2022-43435 entry concerns Jenkins 360 FireLine Plugin: versions 1.7.2 and earlier that programmatically disable Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, and other downloadable content. The underlying issue is the CSP header is disabl...

5.3CVSS5.2AI score0.00617EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2022/10/19 12:0 a.m.6 views

Jenkins 360 FireLine Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.8AI score0.00617EPSS
Exploits0References5
osv
osv
added 2022/05/24 4:59 p.m.25 views

GHSA-346G-JRX9-JGF4 Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference

An XML external entities XXE vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. Note: Jenkins ha...

8.1CVSS8AI score0.01002EPSS
Exploits0References4
github
github
added 2022/05/24 4:59 p.m.27 views

Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference

An XML external entities XXE vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. Note: Jenkins ha...

8.1CVSS4.3AI score0.01002EPSS
Exploits0References4Affected Software1
osv
osv
added 2019/10/23 1:15 p.m.20 views

CVE-2019-10466

An XML external entities XXE vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...

8.1CVSS6.9AI score
Exploits0References2
cve
cve
added 2019/10/23 12:45 p.m.71 views

CVE-2019-10466

CVE-2019-10466 is an XXE vulnerability in the Jenkins 360 FireLine Plugin. The issue arises when an attacker with Overall/Read access can cause Jenkins to resolve external entities, enabling extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service. Public re...

8.1CVSS8AI score0.01002EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2019/10/23 12:45 p.m.31 views

CVE-2019-10466

An XML external entities XXE vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...

8.1AI score0.01002EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2019/10/23 12:0 a.m.7 views

PT-2019-11860 · Jenkins · Jenkins 360 Fireline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins 360 FireLine Plugin affected versions not specified Description: The issue is related to an XML external entities XXE vulnerability, which allows attackers with Overall/Read access to have Jenkins resolve external entities. This can...

8.1CVSS7.7AI score0.01002EPSS
Exploits0References6
Rows per page
Query Builder