
38 matches found

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-6289

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00552
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 4:51 a.m. | 6 views

CVE-2019-10450

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 3.3 | AI score 6.7 | EPSS 0.00241
Exploits: 0 | References: 1

Packet Storm
added 2024/09/01 12:00 a.m. | 213 views

Jenkins-CI Unauthenticated Script-Console Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'Jenkins-CI Unauthenticated Script-Console Scanner', 'Description' = %q This module scans for unauthenticated Jenkins-CI script...

CVSS 9.8 | AI score 7.4 | EPSS 0.86829
Exploits: 12

Veracode
added 2024/05/08 6:26 a.m. | 26 views

Arbitrary Code Execution

org.jenkins-ci.plugins:script-security is vulnerable to Arbitrary Code Execution. The vulnerability is due to crafted constructor bodies that invoke other constructors which can then be used to construct any subclassable type via implicit casts, which bypasses the sandbox protection, resulting in...

CVSS 9.8 | AI score 7.2 | EPSS 0.48081
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2023/08/18 10:19 a.m. | 22 views

Information Disclosure

org.jenkins-ci.plugins:cloudbees-folder is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly restrict the organization folder log file location, which allows an attacker to gain access to sensitive information in the system...

CVSS 4.3 | AI score 6.7 | EPSS 0.00533
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2023/05/21 9:41 a.m. | 20 views

Information Disclosure

org.jenkins-ci.plugins:codedx is vulnerable to Information Disclosure. A remote authenticated attacker with item/read permissions is able to gain access to sensitive user information such as the existence of an attacker-specified file path on an agent file system...

CVSS 4.3 | AI score 6.7 | EPSS 0.00953
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/07/27 2:25 p.m. | 98 views

CVE-2022-36905

The CVE-2022-36905 entry describes a stored XSS in Jenkins Maven Metadata Plugin for Jenkins CI server plugin versions 2.2 and earlier, caused by missing URL validation for the Repository Base URL of the List maven artifact versions parameter. The impact is exploitable by attackers with Item/Conf...

CVSS 5.4 | AI score 5.2 | EPSS 0.00552
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2022/06/24 12:00 a.m. | 52 views

Cross-site Scripting in Jenkins Maven Metadata Plugin

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 5.4 | AI score 5.7 | EPSS 0.00602
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2022/06/23 5:15 p.m. | 18 views

Cross site scripting

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 3.5 | AI score 5.2 | EPSS 0.00602
Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2022/05/24 5:33 p.m. | 28 views

Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.2 | EPSS 0.01032
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/24 5:33 p.m. | 20 views

GHSA-485Q-V457-3P58 Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.4 | EPSS 0.01032
Exploits: 0 | References: 3

OSV
added 2022/04/23 12:40 a.m. | 4 views

GHSA-3QXR-Q72Q-HMWP Jenkins CI Game Plugin allows Cross-Site Scripting (XSS)

Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin...

CVSS 6.1 | AI score 5.8 | EPSS 0.01867
Exploits: 0 | References: 6

Packet Storm
added 2016/08/13 12:00 a.m. | 52 views

SonarQube Jenkins Password Disclosure

Advisory Information Title: SonarQube Jenkins Plugin - Plain Text Password Date published: 2013-12-05 Date of last update: 2013-12-05 Vendors contacted : SonarQube and Jenkins CI Discovered by: Christian Catalano Severity: High 2. Vulnerability Information CVE reference: CVE-2013-5676 CVSS v2...

CVSS 4 | AI score 6.7 | EPSS 0.04987
Exploits: 4

CNVD
added 2016/06/21 12:00 a.m. | 5 views

CloudBees Jenkins CI Build Failure Analyzer plugin cross-site scripting vulnerability

CloudBees Jenkins CI (formerly known as Hudson Labs) is a set of Java-based continuous integration tools, mainly used to monitor continuous software release/testing projects and some timed tasks. Jenkins CI Build Failure Analyzer is a plugin for...

CVSS 6.1 | AI score 6 | EPSS 0.01229
Exploits: 0 | References: 1

Check Point Advisories
added 2016/05/26 12:00 a.m. | 10 views

Jenkins CI Server XStream Insecure Deserialization (CVE-2016-0792)

An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to the inclusion of the Groovy library in the classpath combined with the insecure deserialization employing the XStream library. A remote, unauthenticated attacker can exploit this...

CVSS 9 | AI score 3.5 | EPSS 0.82697
Exploits: 23

CNVD
added 2016/05/13 12:00 a.m. | 2 views

CloudBees Jenkins CI and Jenkins LTS Unauthorized Modification Vulnerability (CNVD-2016-03157)

CloudBees Jenkins CI (formerly known as Hudson Labs) is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-term support version of CloudBees Jenkins CI is a...

CVSS 4.3 | AI score 6.7 | EPSS 0.02293
Exploits: 0 | References: 1

CNVD
added 2016/05/13 12:00 a.m. | 2 views

CloudBees Jenkins CI and Jenkins LTS Denial of Service Vulnerabilities

CloudBees Jenkins CI (formerly known as Hudson Labs) is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-term support version of CloudBees Jenkins CI is a...

CVSS 5 | AI score 6.7 | EPSS 0.02388
Exploits: 0 | References: 1

CNVD
added 2016/02/27 12:00 a.m. | 2 views

CloudBees Jenkins CI and LTS Split Response Vulnerability

CloudBees Jenkins CI is a set of Java-based continuous integration tools, mainly used to monitor continuous software release/testing projects and some timed tasks. LTS is the long-term support version of CloudBees Jenkins CI. An HTTP...

CVSS 6.1 | AI score 9.7 | EPSS 0.0179
Exploits: 0 | References: 1

CNVD
added 2016/02/08 12:00 a.m. | 4 views

CloudBees Jenkins CI and LTS Cross-Site Scripting Vulnerability

CloudBees Jenkins CI is a set of Java-based continuous integration tools, mainly used to monitor continuous software release/testing projects and some timed tasks. LTS is the long-term support version of CloudBees Jenkins CI. A...

CVSS 5.4 | AI score 6.3 | EPSS 0.01251
Exploits: 0 | References: 1

CNVD
added 2016/02/08 12:00 a.m. | 3 views

CloudBees Jenkins CI and LTS Request Forgery Vulnerability

CloudBees Jenkins CI is a set of Java-based continuous integration tools, mainly used to monitor continuous software release/testing projects and some timed tasks. LTS is the long-term support version of CloudBees Jenkins CI. A reque...

CVSS 8.8 | AI score 7.1 | EPSS 0.02395
Exploits: 0 | References: 1