24 matches found
CVE-2018-25332
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2018-25332
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2018-25332
CVE-2018-25332 - GitBucket 4.23.1 Unauthenticated Remote Code Execution Affected software: GitBucket 4.23.1. Vulnerability: An unauthenticated remote code execution flaw exists due to weak secret token generation and insecure file upload functionality. Adversaries can brute-force the Blowfish enc...
CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
PT-2026-41558
Name of the Vulnerable Software and Affected Versions: GitBucket version 4.23.1. Description: An issue allows unauthenticated remote code execution through weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious J...
GitBucket Access Control Error Vulnerability
GitBucket is an open-source Git code hosting platform based on Scala. Version 4.23.1 of GitBucket contains a vulnerability related to access control. This vulnerability stems from the generation of weak secret tokens and the insecure file upload feature, which may allow unauthenticated attackers ...
EUVD-2024-0831
Malicious code in bioql PyPI...
CVE-2024-28157
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
Cross Site Scripting
org.jenkins-ci.plugins:gitbucket is vulnerable to Cross Site Scripting. The vulnerability is due to inadequate sanitization of GitBucket URLs on build views, allowing attackers with job configuration access to exploit it...
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
GHSA-5J74-G3C5-WQWW Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
CVE-2024-28157
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
CVE-2024-28157
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
Cross site scripting
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
CVE-2024-28157
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
CVE-2024-28157
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
CVE-2024-28157
CVE-2024-28157 affects Jenkins GitBucket Plugin, version 0.8 and earlier. The vulnerability is stored cross-site scripting (XSS) caused by unsanitized Gitbucket URLs on build views, exploitable by attackers who can configure jobs. The CVE entry documents the issue and confirms the vulnerability s...
PT-2024-22303
Name of the Vulnerable Software and Affected Versions: Jenkins GitBucket Plugin versions 0.8 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because Gitbucket URLs on build views are not properly sanitized, allowing attackers who can...
Jenkins GitBucket Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability ...