17 matches found
CVE-2018-1000105
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...
EUVD-2022-5387
Malicious code in bioql PyPI...
EUVD-2023-0422
Malicious code in bioql PyPI...
EUVD-2022-2436
Malicious code in bioql PyPI...
CVE-2023-24423
A cross-site request forgery CSRF vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...
CVE-2023-24423
A cross-site request forgery CSRF vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...
PT-2023-19583 · Jenkins · Jenkins Gerrit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.38.0 and earlier Description: A cross-site request forgery CSRF issue allows attackers to rebuild previous builds triggered by Gerrit. This can be exploited to manipulate build processes...
CVE-2023-24423
A cross-site request forgery CSRF vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...
GHSA-455J-8HG5-8576 Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of these vulnerabilities...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2019-16551
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...
CVE-2019-16552
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...
CVE-2019-16552
CVE-2019-16552 affects Jenkins Gerrit Trigger Plugin (versions 2.30.1 and earlier). Root cause: a missing permission check allows attackers with Overall/Read to connect to an attacker-specified HTTP/SSH endpoint using attacker-specified credentials, and to determine the existence of a file on the...
CVE-2019-16551
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...
CVE-2018-1000105
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...