Lucene search
+L

6 matches found

osv
osv
added 2025/10/29 3:31 p.m.5 views

GHSA-H83R-7F9F-MQJJ Jenkins Nexus Task Runner Plugin is missing a permission check

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...

4.3CVSS6.7AI score0.00227EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-3098

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00447EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/05/23 4:29 a.m.14 views

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...

5.4CVSS6.6AI score0.0044EPSS
Exploits0
prion
prion
added 2023/12/13 6:15 p.m.21 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

6.8CVSS7AI score0.00447EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2023/12/13 12:0 a.m.5 views

PT-2023-31635 · Jenkins · Jenkins Nexus Platform Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Nexus Platform Plugin versions 3.18.0-03 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. The plugin does not...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References11
osv
osv
added 2023/08/16 3:15 p.m.5 views

CVE-2023-40347

Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...

6.5CVSS5.8AI score0.00557EPSS
Exploits0References2
Rows per page
Query Builder