9 matches found
EUVD-2022-2033
Malicious code in bioql PyPI...
EUVD-2022-2958
Malicious code in bioql PyPI...
EUVD-2022-2514
Malicious code in bioql PyPI...
CVE-2020-2216
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...
com.btc.ep:btc-embeddedplatform (>=2.5.8 <=2.5.9), org.jenkins-ci.plugins:qmetry-for-jira-test-management (>=1.11 <=1.26) potentially affected by CVE-2023-32981 via org.jenkins-ci.plugins:pipeline-utility-steps (=1.1.1)
org.jenkins-ci.plugins:pipeline-utility-steps MAVEN version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:pipeline-utility-steps and may be impacted: - com.btc.ep:btc-embeddedplatform =2.5.8, =1.11, =1.26 Source cves:...
com.btc.ep:btc-embeddedplatform (>=2.5.8 <=2.5.9), org.jenkins-ci.plugins:qmetry-for-jira-test-management (>=1.11 <=1.26) potentially affected by CVE-2022-45381 via org.jenkins-ci.plugins:pipeline-utility-steps (=1.1.1)
org.jenkins-ci.plugins:pipeline-utility-steps MAVEN version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:pipeline-utility-steps and may be impacted: - com.btc.ep:btc-embeddedplatform =2.5.8, =1.11, =1.26 Source cves:...
CVE-2020-2216
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...
Default credentials
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...
Command injection
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...