18 matches found
EUVD-2022-5621
Malicious code in bioql PyPI...
CVE-2020-2281
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
CSRF vulnerability in Jenkins Lockable Resources Plugin
Lockable Resources Plugin 2.8 and earlier does not require POST requests for several HTTP endpoints, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to reserve, unreserve, unlock, and reset resources. Lockable Resources Plugin 2.9 requires POST...
GHSA-WQJJ-C9CX-Q7CF Jenkins Lockable Resources Plugin XSS vulnerability
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
Jenkins Lockable Resources Plugin XSS vulnerability
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CVE-2020-2281
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
CVE-2020-2281
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
CVE-2020-2281
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources...
CVE-2020-2281
The CVE-2020-2281 issue affects Jenkins Lockable Resources Plugin versions 2.8 and earlier. The root cause is CSRF due to endpoints not requiring POST, allowing attackers to reserve, unreserve, unlock, and reset resources. Impact is limited to the affected plugin’s resources as described in the s...
PT-2020-15510 · Jenkins · Jenkins Lockable Resources Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Lockable Resources Plugin versions 2.8 and earlier Description: A cross-site request forgery (CSRF) vulnerability allows attackers to reserve, unreserve, unlock, and reset resources. This issue arises because the plugin does not require...
CVE-2019-1003042
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2019-09292)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Lockable Resources Plugin is used in one of the globa...
Cross site scripting
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CVE-2019-1003042
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CVE-2019-1003042
CVE-2019-1003042 corresponds to a cross-site scripting vulnerability in Jenkins Lockable Resources Plugin (version 2.4 and earlier), where an attacker who can control resource names can inject arbitrary JavaScript into web pages rendered by the plugin. The issue is evidenced in multiple connected...
CVE-2019-1003042
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
PT-2019-2580 · Jenkins · Jenkins Lockable Resources Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Lockable Resources Plugin versions 2.4 and earlier Description: The issue allows attackers to inject arbitrary JavaScript code in web pages rendered by the plugin due to a cross-site scripting vulnerability. This can be exploited by...