38 matches found
EUVD-2022-5257
Malicious code in bioql PyPI...
EUVD-2024-0789
Malicious code in bioql PyPI...
EUVD-2022-4067
Malicious code in bioql PyPI...
CVE-2024-28160
Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs...
CVE-2019-10443
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10441
A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10442
A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2024-28160
Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs...
CVE-2024-28160
CVE-2024-28160 affects the Jenkins iceScrum Plugin (versions 1.1.6 and earlier). The vulnerability arises because the plugin does not sanitize iceScrum project URLs on build views, leading to a stored cross-site scripting (XSS) vulnerability. This can be exploited by attackers who have the abilit...
Jenkins iceScrum Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability ...
PT-2024-22306 · Jenkins · Jenkins Icescrum Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins iceScrum Plugin versions 1.1.6 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not sanitize iceScrum project URLs on build views. Attackers who can...
Jenkins iceScrum Plugin stores credentials in Cleartext
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Jenkins iceScrum Plugin vulnerable to Missing Authorization
A missing permission check in Jenkins iceScrum Plugin prior to version 1.1.6 allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. This issue is patched in version 1.1.6...
GHSA-H5CX-W235-58HM Jenkins iceScrum Plugin vulnerable to Missing Authorization
A missing permission check in Jenkins iceScrum Plugin prior to version 1.1.6 allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. This issue is patched in version 1.1.6...
GHSA-RXVX-9WG5-QPWW Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
A cross-site request forgery vulnerability in Jenkins iceScrum Plugin prior to version 1.1.6 allows attackers to connect to an attacker-specified URL using attacker-specified credentials. This issue is patched in version 1.1.6...
Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
A cross-site request forgery vulnerability in Jenkins iceScrum Plugin prior to version 1.1.6 allows attackers to connect to an attacker-specified URL using attacker-specified credentials. This issue is patched in version 1.1.6...
GHSA-362P-56C9-Q273 Jenkins iceScrum Plugin stores credentials in Cleartext
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Unspecified Vulnerability in CloudBees Jenkins iceScrum Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . iceScrum Plugin is used in which a projec...
CloudBees Jenkins iceScrum Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . iceScrum Plugin is used in which a projec...
CloudBees Jenkins iceScrum Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . iceScrum Plugin is used in which a projec...