Malicious code in cloud-pc-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 044178c5b07f16ba0681f534724c7bcac3c8f39832484c7a3ac51d43a69cd803 The ai login CLI subcommands loginMode huggingface, ollamacloud, ollamalocal each download a proxy script from a mutable refs/heads/main branch of a...

Missing Authorization

Overview org.jenkins-ci.plugins:github-branch-source is a multibranch projects and organization folders from GitHub. Maintained by CloudBees, Inc. Affected versions of this package are vulnerable to Missing Authorization in the GitHubAppCredentials descriptor through the testConnection handler. A...

io.jenkins.blueocean:blueocean (>=1.27.17 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +9 more potentially affected by CVE-2026-42522 via org.jenkins-ci.plugins:github-branch-source (>=1793.v1831e9c68d77 <=1967.vdea_d580c1a_b_a_)

org.jenkins-ci.plugins:github-branch-source MAVEN version =1793.v1831e9c68d77, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =634.v371dc6d978a3, =1.83.v5bff0e55cd2d, =4.204.vf74143795d5f, =611.v70d151e60ec4, =685.v53b070455063 Source cves: CVE-2026-42522 Source advisory:...

Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test

Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier do not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials. GitHub...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

CVE-2026-42522

The vulnerability CVE-2026-42522 affects Jenkins’ GitHub Branch Source Plugin (versions including 1967.vdea_d580c1a_b_a_ and earlier). The root cause is a missing permission check that permits attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified GitHub App ...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

PT-2026-35916

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea d580c1a b a and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

Jenkins GitHub Branch Source Plugin 安全漏洞

Jenkins GitHub Branch Source Plugin is an open-source plugin for Jenkins that provides continuous integration capabilities, enabling discovery of code hosting platforms and the selection of build branches. The Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier contain...

EUVD-2022-5509

Malicious code in bioql PyPI...

Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs

GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part...

CloudBees Jenkins GitHub Branch Source Plugin Server-Side Request Forgery Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . GitHub Branch Source Plugin is used in one of the Jenkins used to view, operate the...

CVE-2018-1000185

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

CVE-2018-1000185

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

Node.js third-party modules: Remote Command Execution vulnerability in pullit

I would like to report Remote Command Execution vulnerability in pullit It allows remote command execution such as reading or writing to the file system, and executing other programs under the current user running the pullit node executable. Module pullit https://www.npmjs.com/package/pullit...

CloudBees GitHub Branch Source plugin cross-site forgery vulnerability

CloudBees GitHub Branch Source plugin is the U.S. CloudBees company's Jenkins Java-based development of continuous integration tools in a GitHub branch plugin . A cross-site request forgery vulnerability exists in the CloudBees GitHub Branch Source plugin that stems from the program failing to...

CloudBees GitHub Branch Source plugin enumeration vulnerability

CloudBees GitHub Branch Source plugin is the U.S. CloudBees company's Jenkins Java-based development of continuous integration tools in a GitHub branch plugin . The CloudBees GitHub Branch Source plugin suffers from an enumeration vulnerability that stems from the program failing to detect...

CVE-2017-1000087

GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part...

CVE-2017-1000087

GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part...