15 matches found
EUVD-2022-5919
Malicious code in bioql PyPI...
EUVD-2022-6048
Malicious code in bioql PyPI...
EUVD-2022-6186
Malicious code in bioql PyPI...
CVE-2022-34202
Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-34203
A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2022-34204
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
CVE-2022-34203
A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2022-34204
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
CVE-2022-34203
A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2022-34203
A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2022-34202
Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-34204
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
CVE-2022-34203
CVE-2022-34203 is a CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier. The Nessus/NVD entries describe that an attacker can abuse a form-validation flow to connect to an attacker-specified HTTP server, due to missing permission checks in the plugin’s processing. The vulnerability is tie...
CVE-2022-34203
A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...
PT-2022-22073 · Jenkins · Jenkins Easyqa Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins EasyQA Plugin version 1.0 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified HTTP server. Recommendations: For Jenkins EasyQA Plugin version 1.0 and earlier, update to...