Lucene search
K

39 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.10 views

CVE-2023-43502

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS6.7AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6270

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00483EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6406

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00644EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6898

Malicious code in bioql PyPI...

8CVSS7.7AI score0.0046EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2490

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00691EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 11:42 p.m.3 views

CVE-2022-41231

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint...

5.7CVSS5.5AI score0.01231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:42 p.m.5 views

CVE-2022-41232

A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...

8CVSS7.4AI score0.0046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:0 p.m.14 views

CVE-2022-34785

Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them...

4.3CVSS6.3AI score0.00644EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 a.m.5 views

CVE-2019-10395

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...

5.4CVSS6.1AI score0.00688EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 5:15 p.m.6 views

CVE-2024-28156

Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure Build Monitor Views...

5.4CVSS5.2AI score
Exploits0References2
NVD
NVD
added 2023/09/20 5:15 p.m.36 views

CVE-2023-43501

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

6.5CVSS6.9AI score0.00504EPSS
Exploits0References2
OSV
OSV
added 2023/09/20 5:15 p.m.27 views

CVE-2023-43502

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS7AI score
Exploits0References2
NVD
NVD
added 2023/09/20 5:15 p.m.21 views

CVE-2023-43499

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...

5.4CVSS5.8AI score0.00521EPSS
Exploits0References2
Prion
Prion
added 2023/09/20 5:15 p.m.27 views

Default credentials

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

4CVSS6.3AI score0.00504EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.3 views

PT-2023-28848 · Jenkins · Jenkins Build Failure Analyzer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to delete Failure Causes. This issue arises because the plugin does not require POST requests for a...

4.3CVSS4.4AI score0.00339EPSS
Exploits0References11
Oracle linux
Oracle linux
added 2023/09/11 12:0 a.m.26 views

olcne security update

istio 1.17.5-1 - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt 0.58.0-3 - Ensure that selinux build tags are set for all Go builds olcne 1.7.2-3 - Mofify kubevirt image tag to use virt-operator tag instead of kubevirt-version 1.7.2-2 - Update kubevirt imag...

9.8CVSS9.6AI score0.00735EPSS
Exploits3
Oracle linux
Oracle linux
added 2023/09/06 12:0 a.m.30 views

istio security update

istio 1.17.5-1 - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt 0.58.0-3 - Ensure that selinux build tags are set for all Go builds olcne 1.7.2-2 - Update kubevirt image versions fixing selinux=enforce not being supported 1.7.2-1 - Add Istio-1.17.5 and...

9.8CVSS9.6AI score0.00735EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.22 views

SUSE CVE-2017-1000387

Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.buildpublisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to acce...

7.8CVSS7.2AI score0.00375EPSS
Exploits0References3
OSV
OSV
added 2022/10/19 7:0 p.m.23 views

GHSA-G66M-FQXF-3W35 CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin

Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the input step. This ID is used for the URLs that process user interactions for the given input step proceed or abort and is not correctly encoded. This allows attackers able to...

8.8CVSS9AI score0.00493EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/09/21 3:45 p.m.5 views

CVE-2022-41232

A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...

6.7AI score0.0046EPSS
Exploits0References1
Rows per page
Query Builder