Lucene search
+L

23 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-7151

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.01088EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7024

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00554EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6999

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00668EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 12:13 a.m.8 views

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS6.7AI score0.00668EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:13 a.m.11 views

CVE-2022-43418

A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS6.6AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:57 p.m.12 views

CVE-2022-43416

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...

8.8CVSS6.7AI score0.01088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:46 p.m.8 views

CVE-2022-43417

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

4.3CVSS6.4AI score0.00554EPSS
Exploits0References1
OSV
OSV
added 2022/10/19 7:0 p.m.62 views

GHSA-35RX-7PC8-6963 API keys stored in plain text by Jenkins Katalon Plugin

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Katalon Plugin 1.0.33 no...

4.3CVSS6.6AI score0.00668EPSS
Exploits0References6
OSV
OSV
added 2022/10/19 4:15 p.m.18 views

CVE-2022-43418

A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.6AI score
Exploits0References2
OSV
OSV
added 2022/10/19 4:15 p.m.27 views

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS6.5AI score
Exploits0References2
OSV
OSV
added 2022/10/19 4:15 p.m.17 views

CVE-2022-43416

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...

8.8CVSS8.7AI score
Exploits0References2
Prion
Prion
added 2022/10/19 4:15 p.m.17 views

Design/Logic Flaw

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...

6.5CVSS8.6AI score0.01088EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.5 views

CVE-2022-43418

A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.5AI score0.00397EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.6 views

CVE-2022-43417

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

4.5AI score0.00554EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.28 views

CVE-2022-43416

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...

8.8AI score0.01088EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.37 views

CVE-2022-43418

A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.8AI score0.00397EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.6 views

CVE-2022-43416

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...

8.8AI score0.01088EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.7 views

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.4AI score0.00668EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.11 views

PT-2022-26902 · Jenkins · Jenkins Katalon Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Katalon Plugin versions 1.0.32 and earlier Description: The issue allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturin...

4.3CVSS4.4AI score0.00554EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.6 views

Jenkins Katalon Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...

4.3CVSS5AI score0.00397EPSS
Exploits0References6
Rows per page
Query Builder