16 matches found
CVE-2019-16540
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master...
EUVD-2022-0841
Malicious code in bioql PyPI...
EUVD-2022-4279
Malicious code in bioql PyPI...
EUVD-2022-1970
Malicious code in bioql PyPI...
EUVD-2022-3275
Malicious code in bioql PyPI...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
CVE-2022-25187
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle...
CVE-2021-21621
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user basic authentication details only" information, which can include the session ID of the user creating the support bundle in some configurations...
CVE-2019-16539
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles...
SUSE CVE-2019-16539
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
Code injection
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
Jenkins Support Core Plugin stores sensitive data in plain text
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Support Core Plugin 2.79.1 adds a list of keywords whose associated values are redacted...
Design/Logic Flaw
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle...
CloudBees Jenkins Support Core Plugin Information Disclosure Vulnerability
Jenkins Support Core is a Jenkins open source application plugin . Provides in Jenkins to generate support information "bundle" of the basic infrastructure . An information disclosure vulnerability exists in Jenkins Support Core Plugin version 2.72 and earlier. The vulnerability stems from the...