Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin

Multibranch Pipelines by default limit who can change the Pipeline definition from the Jenkinsfile. This is useful for SCMs like GitHub: Jenkins can build content from users without commit access, but who can submit pull requests, without granting them the ability to modify the Pipeline definitio...

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

Jenkins Pipeline访问控制错误漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Pipeline is a suite of plugins that support the implementation and integration of continuous delivery pipelines int...

某图书馆检索系统通用SQL注射

简要描述： RT 详细说明： Google:inurl:/opac/index.jsp 在以及单位这里抓包 GET /lt/dzgl/dzxxgl/getejdw.jsp?yjdw=00000030 HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR...