6 matches found
CVE-2018-1000607
An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins...
EUVD-2022-3145
Malicious code in bioql PyPI...
GHSA-8864-PWHG-3MP2 Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin
An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins...
Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin
An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins...
CVE-2018-1000607
CVE-2018-1000607 affects Jenkins Fortify CloudScan Plugin (versions 1.5.1 and earlier). The flaw resides in ArchiveUtil.java and allows an attacker who can influence the contents of a rulepack ZIP to overwrite arbitrary files on the Jenkins master filesystem, limited by the master process user pe...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: org.jenkins-ci.plugins:fortify-cloudscan-jenkins-plugin allows an organization to host their own internal cloud-based infrastructure of Static Code Analyzer (SCA) machines that are distributed jobs by a centralized controller and optionally integrated with Software Security Center (SSC)...