15 matches found
EUVD-2022-7767
Malicious code in bioql PyPI...
EUVD-2022-4926
Malicious code in bioql PyPI...
CVE-2022-46685
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log...
CVE-2019-10330
Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...
Jenkins plugins Multiple Vulnerabilities (2022-12-07)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-46682) - Jenki...
GHSA-X3QH-53QF-JXQ9 Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. Gitea Plugin 1.4.5 adds support for masking of Gitea personal access tokens. Administrators unable to update are...
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. Gitea Plugin 1.4.5 adds support for masking of Gitea personal access tokens. Administrators unable to update are...
Jenkins Gitea Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-46685
In Jenkins Gitea Plugin, versions 1.4.4 and earlier did not mask Gitea personal access tokens, potentially exposing credentials in build logs. The issue is documented across multiple feeds (NVD, Red Hat, OSV, GHSA) with the same root cause and scope: credentials masking was not supported, enablin...
CVE-2022-46685
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log...
CVE-2019-10330
Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...
Code injection
Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...
CVE-2019-10330
Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...
CVE-2019-10330
Summary: CVE-2019-10330 affects the Jenkins Gitea Plugin, versions 1.1.1 and earlier. The root cause is that the plugin did not implement trusted revisions, enabling attackers without commit access to the Git repository to modify Jenkinsfiles, even when Jenkins treated them as untrusted. Impact: ...
PT-2019-11730 · Jenkins · Jenkins Git Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Gitea Plugin versions 1.1.1 and earlier Description: The issue allows attackers without commit access to the Git repository to change Jenkinsfiles, even if Jenkins is configured to consider them untrusted. This is due to the lack of...