9 matches found
EUVD-2022-4166
Malicious code in bioql PyPI...
EUVD-2022-5499
Malicious code in bioql PyPI...
CVE-2022-34787
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to control the reason a queue item is blocked...
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...
CVE-2019-10408
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...
Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery
Project Inheritance Plugin allows the creation of projects based on templates defined in the plugin configuration. A missing permission check in the HTTP endpoint triggering project creation allowed users with Overall/Read permission to create these projects. Additionally, the HTTP endpoint did n...
Format string
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...
CVE-2019-10408
The CVE refers to Jenkins Project Inheritance Plugin (2.0.0 and earlier) with a CSRF vulnerability caused by a missing permission check in the HTTP endpoint that triggers project creation from templates. This allowed users, potentially with limited access, to trigger project generation without pr...