Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.10 views

CVE-2023-50777

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4.3CVSS7AI score0.00318EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-9527

Malicious code in bioql PyPI...

5.5CVSS6.3AI score0.00276EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1948

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00887EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0319

Malicious code in bioql PyPI...

5.5CVSS5.6AI score0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5112

Malicious code in bioql PyPI...

4.9CVSS5.1AI score0.00608EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6781

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00328EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-6348

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00553EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2022-6248

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00684EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/07/11 3:42 p.m.17 views

CVE-2025-53674

Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it...

5.3CVSS7.1AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/11 3:42 p.m.11 views

CVE-2025-53678

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

6.5CVSS7AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2025/07/09 3:39 p.m.28 views

CVE-2025-53655

CVE-2025-53655 affects Jenkins Statistics Gatherer Plugin versions 2.0.3 and earlier. The root issue is that the AWS Secret Key is stored unencrypted in the global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller and is not masked in...

5.3CVSS6.5AI score0.00313EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.9 views

CVE-2023-30521

A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

5.3CVSS6.8AI score0.00518EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:59 p.m.7 views

CVE-2022-34186

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.00759EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:16 a.m.14 views

CVE-2019-16566

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.5AI score0.00798EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.7 views

CVE-2023-24456

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login...

7.1AI score0.01206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.9 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

7AI score0.01328EPSS
Exploits0References2
Rows per page
Query Builder