45 matches found
EUVD-2024-26732
Malicious code in bioql PyPI...
EUVD-2022-2736
Malicious code in bioql PyPI...
EUVD-2022-4204
Malicious code in bioql PyPI...
EUVD-2023-2484
Malicious code in bioql PyPI...
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2020-2235
A cross-site request forgery CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
[SECURITY] Fedora 40 Update: maven-verifier-2.0.0~M1-7.fc40
Provides a test harness for Maven integration tests...
Apache StreamPark: Authenticated system users could trigger remote command execution
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...
Input validation
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...
Design/Logic Flaw
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...
Jenkins Plugin Pipeline Maven Integration Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
An XML external entities XXE vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...
GHSA-6755-JGP4-8Q7H XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
An XML external entities XXE vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...
GHSA-HQ2H-9MC3-H6W2 Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name
Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Pipeline Maven Integration Plugin 3.9.3 escap...
CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another...
GHSA-C2HG-2JJ6-H8VH CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another...