15 matches found
EUVD-2022-5097
Malicious code in bioql PyPI...
EUVD-2022-4477
Malicious code in bioql PyPI...
EUVD-2025-0186
Malicious code in bioql PyPI...
EUVD-2022-6275
Malicious code in bioql PyPI...
EUVD-2022-4758
Malicious code in bioql PyPI...
EUVD-2022-2708
Malicious code in bioql PyPI...
CVE-2020-2094
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient...
CVE-2019-10470
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
GHSA-Q9CM-88JX-3VFW Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin
The Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier treats usernames as case-insensitive. On a Jenkins instance configured with a case-sensitive OpenID Connect provider, this allows attackers to log in as any user by providing a username that differs only in letter...
CVE-2025-24403
A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins...
CVE-2023-2631 CSRF vulnerability and missing permission checks in Code Dx Plugin
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Cross-Site Request Forgery in Jenkins Delete log Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2021-21611 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.26)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2021-21611 Source advisory: OSV:GHSA-MJ7Q-CMF3-MG7H...
CVE-2021-21602
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...
CVE-2017-1000393
Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...