12 matches found
EUVD-2022-5490
Malicious code in bioql PyPI...
EUVD-2024-0334
Malicious code in bioql PyPI...
aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1) +192 more potentially affected by CVE-2024-23900 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=822.v01b_8c85d16d2)
org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.0.5.0, =0.2, =1.0.0, =1.9.2-beta, =0.5, =1.29, =1.14.0, =4.1.1, =1.1.1, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.8.2 and more Source cves: CVE-2024-23900 Source advisory: OSV:GHSA-CJGM-9VC9-56MX...
CVE-2024-23900
Jenkins Matrix Project Plugin 822.v01b8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by...
aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +33 more potentially affected by CVE-2020-2224 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.14)
org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 - org.jenkins-ci.plugins:Matrix-sorter-plugin =1.3 and more Source cves: CVE-2020-2224 Source advisory: OSV:GHSA-H6QC-455M-7V6V...
CVE-2022-20615
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission...
VulnCheck KEV: CVE-2019-1003030
Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution...
Sandbox Protection Bypass
Jenkins Matrix Project Plugin is vulnerable to sandbox protection bypass vulnerability. This exists in the src/main/java/hudson/matrix/FilterScript.java which allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...
jenkins-matrix-project-plugin: sandbox bypass in matrix project plugin
A flaw was found in the Jenkins Matrix Project plugin version 1.13. An attacker with Job/Configure permission can bypass the sandbox and can execute arbitrary code on the Jenkins master JVM. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Security feature bypass
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...
Fedora Update for jenkins-matrix-project-plugin FEDORA-2015-5643
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for jenkins-matrix-project-plugin FEDORA-2014-15776
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...