16 matches found
EUVD-2022-2554
Malicious code in bioql PyPI...
EUVD-2022-2637
Malicious code in bioql PyPI...
EUVD-2022-4657
Malicious code in bioql PyPI...
CVE-2021-21681
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2019-1003093
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003092
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
GHSA-5C2C-CVG6-GHJM Password stored in plain text by Jenkins Nomad Plugin
Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...
Password stored in plain text by Jenkins Nomad Plugin
Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...
Cross-site request forgery vulnerability in Jenkins Nomad Plugin
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003092
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003092
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Input validation
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003093
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
PT-2019-11383 · Jenkins · Jenkins Nomad Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin affected versions not specified Description: A missing permission check in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an...
PT-2019-11382 · Jenkins · Jenkins Nomad Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin affected versions not specified Description: A cross-site request forgery issue exists in the NomadCloud.DescriptorImpldoTestConnection form validation method, allowing attackers to initiate a connection to an...