Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

CVE-2019-16576

A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...

EUVD-2023-0307

Malicious code in bioql PyPI...

CNCF K3s Kubernetes kubelet configuration exposes credentials

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...

io.jenkins.plugins:bitbucket-kubernetes-credentials (>=202.v15b_72a_698524 <=467.vdffa_a_9249dc5) potentially affected by CVE-2025-24398 via io.jenkins.plugins:atlassian-bitbucket-server-integration (>=3.4.2 <=4.1.1)

io.jenkins.plugins:atlassian-bitbucket-server-integration MAVEN version =3.4.2, =202.v15b72a698524, =467.vdffaa9249dc5 Source cves: CVE-2025-24398 Source advisory: OSV:GHSA-QJW6-XVRM-5F2H...

Jenkins Plugin Kubernetes Credentials Provider 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin A security...

CVE-2023-24425

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to...

PT-2023-19585 · Jenkins · Jenkins Kubernetes Credentials Provider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Credentials Provider Plugin versions 1.208.v128ee9800c04 and earlier Description: The issue allows attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to,...

CVE-2022-31098 Weave GitOps leaked cluster credentials into logs on connection errors

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...