EUVD-2022-4330

Malicious code in bioql PyPI...

EUVD-2022-4043

Malicious code in bioql PyPI...

CVE-2019-10414

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

Jenkins Git Changelog Plugin has Insufficiently Protected Credentials

Git Changelog Plugin stored MediaWiki and Jira passwords unencrypted in job config.xml files on the Jenkins controller. These passwords could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Git Changelog Plugin now stores these passwords encrypte...

GHSA-H27G-72MH-9M33 Jenkins Git Changelog Plugin has Insufficiently Protected Credentials

Git Changelog Plugin stored MediaWiki and Jira passwords unencrypted in job config.xml files on the Jenkins controller. These passwords could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Git Changelog Plugin now stores these passwords encrypte...

br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-10337 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.7)

org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-10337 Source advisory: OSV:GHSA-G6H2-4X64-C59X...

Stored XSS vulnerability in Jenkins Git Changelog Plugin

A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...

GHSA-JCMG-9RW5-9RM2 Stored XSS vulnerability in Jenkins Git Changelog Plugin

A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...

br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-1003011 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.5)

org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-1003011 Source advisory: OSV:GHSA-23H9-M55M-C5JP...

DEBIAN-CVE-2012-6114

The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/changelog or 2 /tmp/.git-effort...

UBUNTU-CVE-2012-6114

The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/changelog or 2 /tmp/.git-effort...

CVE-2012-6114

The CVE-2012-6114 issue affects the git-changelog utility in git-extras 1.7.0. A local user can cause a symlink attack targeting /tmp/changelog or /tmp/.git-effort, enabling overwriting of arbitrary files. The root cause is a symlink/privilege-exacerbated file-write vulnerability in the utility’s...

CVE-2012-6114

The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/changelog or 2 /tmp/.git-effort...

Unspecified Vulnerability in CloudBees Jenkins Git Changelog Plugin

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Git Changelog Plugin is used in one of the Git...

CVE-2019-10414

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-10414

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

Design/Logic Flaw

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-10414

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

PT-2019-11808 · Jenkins · Jenkins Git Changelog Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Changelog Plugin versions 2.17 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. Specifically, MediaWiki and Jira passwords...

CloudBees Jenkins Git Changelog Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor ongoing software releases/testing projects and some timed tasks.The Git Changelog Plugin is one of the tools used to create a changelog or release note...