Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2022-5008

Malicious code in bioql PyPI...

8.6CVSS8.3AI score0.01012EPSS
Exploits0References9
OSV
OSV
added 2024/03/06 11:7 a.m.19 views

BIT-JENKINS-2020-2099

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonati...

8.6CVSS8.2AI score0.01012EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.18 views

Istio may not check inbound TCP connections against istio-policy

Istio 1.1.x through 1.1.6 has Incorrect Access Control. When disablePolicyChecks is set to false, inbound TCP connections do not generate Check requests to istio-policy and external authorization is not applied. This behavior is a result of a change to...

7.5CVSS7.2AI score0.01175EPSS
Exploits1References5Affected Software1
RedHat Linux
RedHat Linux
added 2020/02/19 7:55 p.m.2 views

jenkins: Inbound TCP Agent Protocol/3 authentication bypass

A flaw was found in Jenkins. Encryption key parameters are improperly reused in the Inbound TCP Agent Protocol/3 allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents. The highest threat from this vulnerability is to data confidentiality...

8.6CVSS7.3AI score0.01012EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/02/04 12:0 a.m.42 views

Jenkins < 2.214, < 2.204.2 LTS Authentication Bypass Vulnerability - Linux

Jenkins is prone to an inbound TCP Agent Protocol/3 authentication bypass vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Thi...

8.6CVSS8.8AI score0.01012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/01/31 9:9 p.m.21 views

CVE-2020-2099

A flaw was found in Jenkins. Encryption key parameters are improperly reused in the Inbound TCP Agent Protocol/3 allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents. The highest threat from this vulnerability is to data confidentiality...

8.6CVSS4AI score0.01012EPSS
Exploits0References3
OSV
OSV
added 2020/01/29 4:15 p.m.18 views

CVE-2020-2099

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonati...

8.6CVSS6.4AI score
Exploits0References6
Rows per page
Query Builder