6 matches found
EUVD-2022-2637
Malicious code in bioql PyPI...
EUVD-2023-2179
Malicious code in bioql PyPI...
GHSA-HJ36-V72X-CC6J Missing permission checks in Jenkins Database Plugin
A missing permission check in Jenkins Database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. Database Plugin 1.7 requires Overall/Administer permission for the affected form...
PT-2022-17151 · Jenkins · Jenkins Swamp Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SWAMP Plugin versions 1.2.6 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified web server using attacker-specified credentials. The vulnerability is due to a...
CVE-2019-10310
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials I...
CVE-2019-1003090
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server...