6 matches found
GHSA-H83R-7F9F-MQJJ Jenkins Nexus Task Runner Plugin is missing a permission check
Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...
EUVD-2023-3098
Malicious code in bioql PyPI...
CVE-2023-50767
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...
PT-2023-31635 · Jenkins · Jenkins Nexus Platform Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nexus Platform Plugin versions 3.18.0-03 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. The plugin does not...
CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...