64 matches found
EUVD-2023-2194
Malicious code in bioql PyPI...
EUVD-2023-2179
Malicious code in bioql PyPI...
EUVD-2022-0753
Malicious code in bioql PyPI...
EUVD-2022-5847
Malicious code in bioql PyPI...
EUVD-2022-3817
Malicious code in bioql PyPI...
EUVD-2022-4664
Malicious code in bioql PyPI...
EUVD-2023-2209
Malicious code in bioql PyPI...
CVE-2022-25188
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...
CVE-2020-2203
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs...
The vulnerability of the Jenkins Fortify Plugin, related to insufficient validation of the authenticity of executed requests, allows an attacker to perform a CSRF attack.
The vulnerability of the Jenkins Fortify Plugin is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
The vulnerability of the Jenkins Fortify Plugin relates to the lack of protective measures for website structures, allowing attackers to perform HTML injections.
The vulnerability of the Jenkins Fortify Plugin is related to the lack of security measures for website structures. Exploiting this vulnerability allows a malicious actor to perform HTML injection remotely...
The vulnerability of the Jenkins Fortify Plugin, related to authentication errors, allows a hacker to gain access to another user’s session.
The vulnerability of the Jenkins Fortify Plugin is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to gain access to another user’s session...
GHSA-3FJV-8R82-6XM9 Jenkins Fortify Plugin cross-site request forgery vulnerability
Jenkins Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials store...
GHSA-223M-PGCQ-F3XG Jenkins Fortify Plugin HTML injection vulnerability
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method. This results in an HTML injection vulnerability. Fortify Plugin 22.2.39 removes HTML tags from the error message...
Jenkins Fortify Plugin HTML injection vulnerability
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method. This results in an HTML injection vulnerability. Fortify Plugin 22.2.39 removes HTML tags from the error message...
Jenkins Fortify Plugin cross-site request forgery vulnerability
Jenkins Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials store...
GHSA-4XMF-344Q-M4CC Jenkins Fortify Plugin missing permission check
Jenkins Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials store...
Jenkins Fortify Plugin missing permission check
Jenkins Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials store...
CVE-2023-4303
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability...
CVE-2023-4301
A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...