Lucene search

22 matches found

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2022-6375

Malicious code in bioql PyPI...

5.4 CVSS · 5.6 AI score · 0.00419 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 13 views

EUVD-2023-1308

Malicious code in bioql PyPI...

4.3 CVSS · 4.9 AI score · 0.00349 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 3:43 a.m. · 7 views

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

4.3 CVSS · 6.7 AI score · 0.00349 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 1:11 a.m. · 6 views

CVE-2022-36910

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...

5.4 CVSS · 6.2 AI score · 0.00419 EPSS
Exploits 0 · References 1

Prion
added 2023/04/12 6:15 p.m. · 13 views

Code injection

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

4.3 CVSS · 4.6 AI score · 0.00349 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/04/12 5:5 p.m. · 64 views

CVE-2023-30529

CVE-2023-30529 affects the Jenkins Lucene-Search Plugin (versions 387.v938a_ecb_f7fe9 and earlier). The underlying issue is that the plugin’s HTTP endpoint does not require POST requests, enabling cross-site request forgery that can be used to reindex the database. The accompanying sources consis...

4.3 CVSS · 4.5 AI score · 0.00349 EPSS
Exploits 0 · References 2 · Affected Software 1

AlpineLinux
added 2023/04/12 5:5 p.m. · 27 views

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

4.3 CVSS · 5.6 AI score · 0.00349 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/04/12 5:5 p.m. · 6 views

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

7 AI score · 0.00349 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/04/12 12:0 a.m. · 3 views

PT-2023-22757 · Jenkins · Jenkins Lucene-Search Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Lucene-Search Plugin versions 387.v938a ecb f7fe9 and earlier Description: The issue allows attackers to reindex the database due to the lack of requirement for POST requests for an HTTP endpoint, resulting in a cross-site request...

4.3 CVSS · 6.7 AI score · 0.00349 EPSS
Exploits 0 · References 9

BDU FSTEC
added 2022/08/10 12:0 a.m. · 7 views

The vulnerability of the Jenkins Lucene-Search Plugin, related to the lack of security measures for website structure protection, allows attackers to execute XSS attacks.

The vulnerability of the Jenkins Lucene-Search Plugin exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

5.5 CVSS · 6.2 AI score · 0.00586 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/07/28 12:0 a.m. · 15 views

GHSA-M8W5-VWQ3-GP8F Lucene-Search Plugin does not perform permission checks in several HTTP endpoints

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...

4.3 CVSS · 5.5 AI score · 0.00419 EPSS
Exploits 0 · References 4

OSV
added 2022/07/28 12:0 a.m. · 24 views

GHSA-6954-H5C8-M29F Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the search result page. This results in a reflected cross-site scripting (XSS) vulnerability...

8.8 CVSS · 6.1 AI score · 0.00586 EPSS
Exploits 0 · References 4

OSV
added 2022/07/27 3:15 p.m. · 2 views

CVE-2022-36922

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability...

6.1 CVSS · 5.7 AI score · 0.00586 EPSS
Exploits 0 · References 2

NVD
added 2022/07/27 3:15 p.m. · 12 views

CVE-2022-36922

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability...

6.1 CVSS · 0.00586 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2022/07/27 3:15 p.m. · 5 views

CVE-2022-36910

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...

5.4 CVSS · 5.8 AI score · 0.00419 EPSS
Exploits 0 · References 3

Cvelist
added 2022/07/27 2:29 p.m. · 20 views

CVE-2022-36922

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability...

6.4 AI score · 0.00586 EPSS
Exploits 0 · References 2

EUVD
added 2022/07/27 2:29 p.m. · 4 views

EUVD-2022-6260

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability...

6.1 CVSS · 6 AI score · 0.00586 EPSS
Exploits 0 · References 4

CVE
added 2022/07/27 2:29 p.m. · 88 views

CVE-2022-36922

The CVE is for Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier, where the search query parameter on the results page is not escaped, causing a reflected XSS vulnerability (CVE-2022-36922). Affected versions should be updated to a version that properly escapes the search query parameter...

6.1 CVSS · 6 AI score · 0.00586 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/07/27 2:26 p.m. · 14 views

CVE-2022-36910

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...

5.8 AI score · 0.00419 EPSS
Exploits 0 · References 2

AlpineLinux
added 2022/07/27 2:26 p.m. · 43 views

CVE-2022-36910

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...

5.4 CVSS · 2.6 AI score · 0.00419 EPSS
Exploits 0 · References 2