22 matches found
EUVD-2022-6375
Malicious code in bioql PyPI...
EUVD-2023-1308
Malicious code in bioql PyPI...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2022-36910
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...
Code injection
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2023-30529
CVE-2023-30529 affects the Jenkins Lucene-Search Plugin (versions 387.v938a_ecb_f7fe9 and earlier). The underlying issue is that the plugin’s HTTP endpoint does not require POST requests, enabling cross-site request forgery that can be used to reindex the database. The accompanying sources consis...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
PT-2023-22757 · Jenkins · Jenkins Lucene-Search Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Lucene-Search Plugin versions 387.v938a ecb f7fe9 and earlier Description: The issue allows attackers to reindex the database due to the lack of requirement for POST requests for an HTTP endpoint, resulting in a cross-site request...
The vulnerability of the Jenkins Lucene-Search Plugin, related to the lack of security measures for website structure protection, allows attackers to execute XSS attacks.
The vulnerability of the Jenkins Lucene-Search Plugin exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
GHSA-M8W5-VWQ3-GP8F Lucene-Search Plugin does not perform permission checks in several HTTP endpoints
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...
GHSA-6954-H5C8-M29F Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the search result page. This results in a reflected cross-site scripting XSS vulnerability...
CVE-2022-36922
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2022-36922
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2022-36910
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...
CVE-2022-36922
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting XSS vulnerability...
EUVD-2022-6260
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2022-36922
The CVE is for Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier, where the search query parameter on the results page is not escaped, causing a reflected XSS vulnerability (CVE-2022-36922). Affected versions should be updated to a version that properly escapes the search query parameter...
CVE-2022-36910
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...
CVE-2022-36910
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...