38 matches found

Tenable Nessus · added 2026/05/04 12:00 a.m.
RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:1423)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1423 advisory. - jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin SECURITY-1353 CVE-2019-100304...
CVSS 9.8 · AI score 5.8 · EPSS 0.01799 · Exploits 0 · References 8

EUVD · added 2025/10/03 8:07 p.m.
EUVD-2022-5621
Malicious code in bioql PyPI...
CVSS 5.4 · AI score 5.9 · EPSS 0.00088 · Exploits 0 · References 7

Tenable Nessus · added 2025/08/18 12:00 a.m.
Linux Distros Unpatched Vulnerability : CVE-2019-5421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the Devise::Models::Lockable class, more...
CVSS 9.8 · AI score 8.1 · EPSS 0.00229 · Exploits 1 · References 2

RedhatCVE · added 2025/05/22 4:03 p.m.
CVE-2020-2281
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
CVSS 5.8 · AI score 6.7 · EPSS 0.00122 · Exploits 0

OSV · added 2024/01/12 3:13 p.m.
GHSA-CHCR-X7HC-8FP8 Devise-Two-Factor vulnerable to brute force attacks
Advisory withdrawn. The backing CVE has been rejected. Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password (TOTP) algorithm's inherent entropy limitations, it's possible for an attacker to bypass the 2F...
CVSS 5 · AI score 8.3 · Exploits 0 · References 4

Github Security Blog · added 2024/01/12 3:13 p.m.
Devise-Two-Factor vulnerable to brute force attacks
Advisory withdrawn. The backing CVE has been rejected. Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password (TOTP) algorithm's inherent entropy limitations, it's possible for an attacker to bypass the 2F...
AI score 8.4 · Exploits 0 · References 4 · Affected Software 1

RubySec · added 2024/01/11 9:00 p.m.
Devise-Two-Factor vulnerable to brute force attacks
Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password (TOTP) algorithm's inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks. Impact: If a...
AI score 7.7 · Exploits 0 · References 1 · Affected Software 1

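The brute-force path that the Devise-Two-Factor entries above describe, as an added example (this is not Devise-Two-Factor's or Devise's code, and not the withdrawn advisory's proof of concept): a 6-digit TOTP has only 10^6 values, and a verifier that tolerates clock drift accepts 2*DRIFT+1 of them at the same moment, so a server that never throttles turns the second factor into a bounded search. The throttle is an illustrative in-memory failure counter, not Devise's :lockable module. The secret is the RFC 4226/6238 test secret and the timestamp is fixed at 59 seconds (time step 1) so the run is deterministic; those inputs are constructed for the demo.

```python
"""TOTP verification with and without server-side attempt throttling.

Added example, not the Devise-Two-Factor gem's code. The secret below is the
RFC 4226 / RFC 6238 test secret and `NOW` is a fixed timestamp, both chosen
so the result is reproducible; a real deployment uses a per-user secret and
the wall clock.
"""
import hashlib
import hmac
import struct

DIGITS = 6
STEP = 30    # TOTP time step in seconds
DRIFT = 1    # steps of clock drift tolerated on each side of "now"

TEST_SECRET = b"12345678901234567890"   # RFC 4226 test vector secret
NOW = 59                                # Unix time inside step 1 (RFC 6238 vector)


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def accepted_codes(secret: bytes, now: int) -> set:
    """Every code the server treats as valid at Unix time `now` (the drift window)."""
    step = now // STEP
    return {hotp(secret, step + d) for d in range(-DRIFT, DRIFT + 1)}


class UnthrottledVerifier:
    """What a server without throttling does: answer every guess honestly."""

    def __init__(self, secret: bytes, now: int):
        # Computed once per time step; the attacker's guesses are then cheap lookups.
        self._valid = accepted_codes(secret, now)

    def verify(self, code: str) -> bool:
        return code in self._valid


class ThrottledVerifier(UnthrottledVerifier):
    """Illustrative fix: lock the account after `max_failures` consecutive misses."""

    def __init__(self, secret: bytes, now: int, max_failures: int = 5):
        super().__init__(secret, now)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def verify(self, code: str) -> bool:
        if self.locked:
            return False          # even the right code is refused until unlock
        ok = super().verify(code)
        if ok:
            self.failures = 0
        else:
            self.failures += 1
            if self.failures >= self.max_failures:
                self.locked = True
        return ok


def brute_force(verifier, max_attempts: int = 10 ** DIGITS):
    """Submit codes 000000, 000001, ... until one is accepted.

    Returns the number of attempts used, or None if the verifier locked
    (or the budget ran out) before a code was accepted.
    """
    for n in range(max_attempts):
        if getattr(verifier, "locked", False):
            return None
        if verifier.verify(f"{n:0{DIGITS}d}"):
            return n + 1
    return None


def success_probability(attempts: int, accepted: int = 2 * DRIFT + 1) -> float:
    """Chance that `attempts` random guesses hit one of `accepted` live codes."""
    return 1 - (1 - accepted / 10 ** DIGITS) ** attempts
```

With the defaults, the unthrottled verifier accepts three codes at once, so an attacker who can submit 100,000 guesses has roughly a one-in-four chance, and an exhaustive sweep always finishes within 10^6 requests; the throttled verifier stops answering after five misses. In production the counter must be keyed per account and persisted across processes, and a narrower DRIFT shrinks the accepted set directly.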
vulnersOsv · added 2022/11/16 12:00 p.m.
com.sonyericsson.hudson.plugins.rebuild:rebuild (>=320.v5a_0933a_e7d61 <=332.va_1ee476d8f6d), jp.ikedam.jenkins.plugins:scoring-load-balancer (=70.v7896fb_81f0c1) +5 more potentially affected by CVE-2022-45380 via org.jenkins-ci.plugins:junit (=1119.1121.vc43d0fc45561)
org.jenkins-ci.plugins:junit MAVEN version =1119.1121.vc43d0fc45561 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:junit and may be impacted: - com.sonyericsson.hudson.plugins.rebuild:rebuild =320.v5a0933ae7d61,...
CVSS 5.4 · AI score 6 · EPSS 0.02201 · Exploits 0

vulnersOsv · added 2022/05/24 5:29 p.m.
org.waveywaves.jenkins.plugins:tekton-client (=1.1.0) potentially affected by CVE-2020-2281 via org.6wind.jenkins:lockable-resources (=2.3)
org.6wind.jenkins:lockable-resources MAVEN version =2.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.6wind.jenkins:lockable-resources and may be impacted: - org.waveywaves.jenkins.plugins:tekton-client =1.1.0 Source cves: CVE-2020-2281 Source...
CVSS 5.8 · AI score 6 · EPSS 0.00122 · Exploits 0

OSV · added 2022/05/24 5:29 p.m.
GHSA-RVWW-W62M-HCH8 CSRF vulnerability in Jenkins Lockable Resources Plugin
Lockable Resources Plugin 2.8 and earlier does not require POST requests for several HTTP endpoints, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to reserve, unreserve, unlock, and reset resources. Lockable Resources Plugin 2.9 requires POST...
CVSS 5.4 · AI score 5.4 · EPSS 0.00122 · Exploits 0 · References 5

Github Security Blog · added 2022/05/24 5:29 p.m.
CSRF vulnerability in Jenkins Lockable Resources Plugin
Lockable Resources Plugin 2.8 and earlier does not require POST requests for several HTTP endpoints, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to reserve, unreserve, unlock, and reset resources. Lockable Resources Plugin 2.9 requires POST...
CVSS 5.8 · AI score 5.5 · EPSS 0.00122 · Exploits 0 · References 5 · Affected Software 1

Github Security Blog · added 2022/05/13 1:25 a.m.
Jenkins Lockable Resources Plugin XSS vulnerability
A cross-site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CVSS 5.4 · AI score 5.9 · EPSS 0.00088 · Exploits 0 · References 7 · Affected Software 1

OSV · added 2022/05/13 1:25 a.m.
GHSA-WQJJ-C9CX-Q7CF Jenkins Lockable Resources Plugin XSS vulnerability
A cross-site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CVSS 5.4 · AI score 5.4 · EPSS 0.00088 · Exploits 0 · References 7

vulnersOsv · added 2022/05/13 1:25 a.m.
org.waveywaves.jenkins.plugins:tekton-client (=1.1.0) potentially affected by CVE-2019-1003042 via org.6wind.jenkins:lockable-resources (=2.3)
org.6wind.jenkins:lockable-resources MAVEN version =2.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.6wind.jenkins:lockable-resources and may be impacted: - org.waveywaves.jenkins.plugins:tekton-client =1.1.0 Source cves: CVE-2019-1003042 Source...
CVSS 5.4 · AI score 6.4 · EPSS 0.00088 · Exploits 0

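How a "potentially affected ... via" entry like the three vulnersOsv cards above is derived, as an added example that is not Vulners' or OSV's code: walk the dependency graph backwards from the affected pin and report every package that reaches it, with the path. Only the pin org.6wind.jenkins:lockable-resources 2.3, its dependent tekton-client 1.1.0, and the two CVEs the listing attributes to that pin are taken from the page; the `example:*` packages, their versions and the 2.9 edge are hypothetical, constructed to show a second-hop dependent and an unaffected one. Versions are matched as exact pins, as the listing does (=2.3), not as ranges.

```python
"""Transitive exposure to an advisory over a pinned dependency graph.

Added example, not Vulners' or OSV's code. GRAPH and AFFECTED are constructed
for the demo; the `example:*` coordinates are hypothetical.
"""
from collections import defaultdict, deque

# (package, version) -> list of (dependency, version) it declares.
GRAPH = {
    ("org.waveywaves.jenkins.plugins:tekton-client", "1.1.0"):
        [("org.6wind.jenkins:lockable-resources", "2.3")],        # from the listing
    ("example:pipeline-helper", "0.4"):                            # hypothetical
        [("org.waveywaves.jenkins.plugins:tekton-client", "1.1.0")],
    ("example:unrelated-plugin", "3.0"):                           # hypothetical
        [("org.6wind.jenkins:lockable-resources", "2.9")],        # past both fixes
    ("org.6wind.jenkins:lockable-resources", "2.3"): [],
    ("org.6wind.jenkins:lockable-resources", "2.9"): [],
}

# Affected pins as the listing reports them (CVE ids from the page).
AFFECTED = {
    ("org.6wind.jenkins:lockable-resources", "2.3"):
        ["CVE-2020-2281", "CVE-2019-1003042"],
}


def reverse_graph(graph):
    """dependency pin -> set of pins that declare it."""
    rev = defaultdict(set)
    for pkg, deps in graph.items():
        for dep in deps:
            rev[dep].add(pkg)
    return rev


def exposed_packages(graph, affected):
    """Map each reachable pin to the CVEs it inherits and its shortest path.

    Returns {pin: {"cves": [...], "path": [pin, ..., affected_pin]}}. The
    affected pins themselves appear with a one-element path; a pin that only
    depends on an unaffected version is not reported.
    """
    rev = reverse_graph(graph)
    result = {}
    for root, cves in affected.items():
        # BFS over reverse edges: the first visit of a node is a shortest path.
        paths = {root: [root]}
        queue = deque([root])
        while queue:
            node = queue.popleft()
            entry = result.setdefault(node, {"cves": [], "path": paths[node]})
            for cve in cves:
                if cve not in entry["cves"]:
                    entry["cves"].append(cve)
            for dependent in rev.get(node, ()):
                if dependent not in paths:
                    paths[dependent] = [dependent] + paths[node]
                    queue.append(dependent)
    return result


def report(graph, affected):
    """One line per exposed pin, in the listing's "via" style."""
    lines = []
    for pin, info in exposed_packages(graph, affected).items():
        via = " -> ".join(f"{p} (={v})" for p, v in info["path"])
        lines.append(f"{', '.join(info['cves'])}: {via}")
    return lines
```

The reverse walk is what makes a fixed-version edge drop out naturally: `example:unrelated-plugin` depends on lockable-resources 2.9, a different pin, so it never appears. Real SBOMs carry ranges rather than exact pins, so a production tool needs a version-ordering function for the ecosystem (Maven and Jenkins' `NNN.vHASH` strings are not comparable as plain semver), which this demo deliberately leaves out.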
NVD · added 2020/09/23 2:15 p.m.
CVE-2020-2281
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
CVSS 5.8 · EPSS 0.00122 · Exploits 0 · References 2

OSV · added 2020/09/23 2:15 p.m.
CVE-2020-2281
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
CVSS 5.4 · AI score 6.7 · Exploits 0 · References 2

Prion · added 2020/09/23 2:15 p.m.
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
CVSS 5.8 · AI score 5.4 · EPSS 0.00122 · Exploits 0 · References 2 · Affected Software 1

Cvelist · added 2020/09/23 1:10 p.m.
CVE-2020-2281
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
AI score 5.4 · EPSS 0.00122 · Exploits 0 · References 2

CVE · added 2020/09/23 1:10 p.m.
CVE-2020-2281
The CVE-2020-2281 issue affects Jenkins Lockable Resources Plugin versions 2.8 and earlier. The root cause is CSRF due to endpoints not requiring POST, allowing attackers to reserve, unreserve, unlock, and reset resources. Impact is limited to the affected plugin's resources as described in the s...
CVSS 5.8 · AI score 5.4 · EPSS 0.00122 · Exploits 0 · References 2 · Affected Software 1

Positive Technologies · added 2020/09/23 12:00 a.m.
PT-2020-15510 · Jenkins · Jenkins Lockable Resources Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Lockable Resources Plugin versions 2.8 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to reserve, unreserve, unlock, and reset resources. This issue arises because the plugin does not require...
CVSS 5.8 · AI score 5.5 · EPSS 0.00122 · Exploits 0 · References 8

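The mechanism behind every CVE-2020-2281 entry above (the GHSA-RVWW-W62M-HCH8, CVE and PT-2020-15510 cards all describe it): a state-changing endpoint that answers GET can be triggered by any page the victim visits, because the browser attaches the victim's session cookie to a cross-site `<img src>` or link, while Jenkins' anti-CSRF crumb is only enforced on POST. The fix the advisory names, requiring POST, pulls the endpoint back under the crumb check. The WSGI app below is an added example modelled on the "reserve" action, not the Lockable Resources Plugin's code (the plugin is Java on Stapler; its guard is the `@RequirePOST` annotation); the resource name, the "victim" identity and the in-memory crumb are constructed for the demo, and the vulnerable and hardened behaviours are selected with one flag so they can be compared.

```python
"""GET-reachable state change (CSRF) versus a POST-only endpoint with a crumb.

Added example, not the Jenkins Lockable Resources Plugin's code. The app is
a minimal WSGI application driven in-process, so it runs offline; the
resource name, the "victim" identity and the crumb are constructed.
"""
import io
import secrets
import urllib.parse


class LockableResourcesApp:
    """One endpoint, /reserve, that reserves a named resource for the caller."""

    def __init__(self, require_post: bool):
        self.require_post = require_post
        self.reserved = {"build-node-1": None}   # resource -> who holds it
        self.crumb = secrets.token_hex(16)       # victim's per-session anti-CSRF token

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "") != "/reserve":
            return self._reply(start_response, "404 Not Found", "not found")
        method = environ["REQUEST_METHOD"]
        if method == "GET":
            if self.require_post:
                # Hardened: a GET must never change state (the advisory's fix).
                return self._reply(start_response, "405 Method Not Allowed", "POST required")
            # Vulnerable: an <img src="https://jenkins/.../reserve?resource=..."> on
            # any site reserves the resource with the victim's cookie, no token needed.
            params = urllib.parse.parse_qs(environ.get("QUERY_STRING", ""))
            return self._reserve(start_response, params)
        if method == "POST":
            # POST is always behind the crumb check, like Jenkins' CrumbFilter.
            length = int(environ.get("CONTENT_LENGTH") or 0)
            params = urllib.parse.parse_qs(environ["wsgi.input"].read(length).decode())
            crumb = params.get("crumb", [""])[0]
            if not secrets.compare_digest(crumb.encode(), self.crumb.encode()):
                # A cross-site form can POST, but it cannot read the victim's crumb.
                return self._reply(start_response, "403 Forbidden", "missing or bad crumb")
            return self._reserve(start_response, params)
        return self._reply(start_response, "405 Method Not Allowed", "unsupported method")

    def _reserve(self, start_response, params):
        name = params.get("resource", [""])[0]
        if name not in self.reserved:
            return self._reply(start_response, "404 Not Found", "no such resource")
        self.reserved[name] = "victim"   # the action runs under the victim's session
        return self._reply(start_response, "200 OK", f"reserved {name}")

    @staticmethod
    def _reply(start_response, status, body):
        data = body.encode()
        start_response(status, [("Content-Type", "text/plain"),
                                ("Content-Length", str(len(data)))])
        return [data]


def call(app, method, path, form=None):
    """Send one request straight into the WSGI app; return the numeric status."""
    url = urllib.parse.urlsplit(path)
    body = urllib.parse.urlencode(form or {}).encode()
    environ = {"REQUEST_METHOD": method, "PATH_INFO": url.path,
               "QUERY_STRING": url.query, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    seen = {}

    def start_response(status, headers):
        seen["code"] = int(status.split()[0])

    list(app(environ, start_response))   # consume the body iterator
    return seen["code"]


def simulate(require_post: bool):
    """Cross-site GET, forged POST without crumb, then a legitimate POST."""
    app = LockableResourcesApp(require_post)
    get_status = call(app, "GET", "/reserve?resource=build-node-1")
    reserved_after_get = app.reserved["build-node-1"]
    forged_post = call(app, "POST", "/reserve", {"resource": "build-node-1"})
    legit_post = call(app, "POST", "/reserve",
                      {"resource": "build-node-1", "crumb": app.crumb})
    return {"get": get_status, "reserved_after_get": reserved_after_get,
            "forged_post": forged_post, "legit_post": legit_post}
```

With `require_post=False` the plain GET returns 200 and the resource is already reserved before any POST is made; with `require_post=True` the GET is refused with 405, the crumb-less POST with 403, and only the POST carrying the session's crumb succeeds. The same check applies to the unreserve, unlock and reset actions the advisory lists: any of them that is reachable by GET is reachable cross-site.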