31 matches found
EUVD-2022-7743
Malicious code in bioql PyPI...
EUVD-2022-5207
Malicious code in bioql PyPI...
EUVD-2022-6380
Malicious code in bioql PyPI...
CVE-2023-41936
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token...
CVE-2022-46683
Jenkins Google Login Plugin 1.4 through 1.6 both inclusive improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2023-41936
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token...
CVE-2023-41936
Summary: CVE-2023-41936 affects Jenkins Google Login Plugin 1.7 and earlier. The vulnerability arises from a non-constant time token comparison function used when verifying the provided versus expected token, enabling attackers to use statistical methods to obtain a valid token. The connected so...
Jenkins plugins Multiple Vulnerabilities (2022-12-07)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-46682) - Jenki...
SUSE CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
SUSE CVE-2018-1000173
A session fixation vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...
SUSE CVE-2018-1000174
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login...
CVE-2022-46683
The CVE-2022-46683 issue affects Jenkins Google Login Plugin versions 1.4–1.6 (inclusive). The root cause is an improper check that a post-login redirect URL legitimately points to Jenkins, enabling an open redirect scenario. This could allow phishing-like redirects to attacker-controlled sites b...
Jenkins Google Login Plugin Input Validation Error Vulnerability
Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. An input validation error...
CVE-2022-46683
Jenkins Google Login Plugin 1.4 through 1.6 both inclusive improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2015-5298
The CVE-2015-5298 entry concerns the Jenkins Google Login Plugin versions 1.0 and 1.1. The vulnerability arises from client-side request modification that bypasses domain-restriction controls, allowing malicious anonymous users to authenticate against Jenkins instances that should be limited to a...
GHSA-RP82-XVG3-727C Jenkins Google Login Plugin Session Fixation vulnerability
A session fixation vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. Google Login Plugin 1.3.1 invalidates the previous session...