11 matches found
RHCOS 3 : OpenShift Container Platform 3.11.306 jenkins (RHSA-2020:4223)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4223 advisory.
- jetty: double release of resource can lead to information disclosure (CVE-2019-17638)
- jenkins: user-specified tooltip values leads...
EUVD-2022-5499
Malicious code in bioql PyPI...
EUVD-2022-4166
Malicious code in bioql PyPI...
CVE-2022-34787
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked...
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...
CVE-2019-10408
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...
Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery
Project Inheritance Plugin allows the creation of projects based on templates defined in the plugin configuration. A missing permission check in the HTTP endpoint triggering project creation allowed users with Overall/Read permission to create these projects. Additionally, the HTTP endpoint did n...
Format string
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...
PT-2020-15412 · Jenkins · Jenkins Project Inheritance Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 21.04.03 and earlier Description: The issue concerns the transmission of job config.xml data to users without proper Job/Configure permissions. Specifically, it does not redact encrypted secrets in...
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...
CVE-2019-10408
The CVE refers to Jenkins Project Inheritance Plugin (2.0.0 and earlier) with a CSRF vulnerability caused by a missing permission check in the HTTP endpoint that triggers project creation from templates. This allowed users, potentially with limited access, to trigger project generation without pr...