EUVD-2023-1880

Malicious code in bioql PyPI...

EUVD-2022-7702

Malicious code in bioql PyPI...

EUVD-2022-1239

Malicious code in bioql PyPI...

Jenkins plugins Multiple Vulnerabilities (2022-12-07)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. CVE-2022-46682 - Jenki...

CVE-2023-35142

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default...

CVE-2023-35142

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default...

Cross site scripting

Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting XSS vulnerability...

PT-2022-27948 · Jenkins · Jenkins Checkmarx Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.3.3 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not escape values returned from the Checkmarx service API before...

CVE-2022-25201

CVE-2022-25201 affects Jenkins Checkmarx Plugin (versions 2022.1.2 and earlier). The vulnerability arises from missing permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials ID...

CVE-2022-25201

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...