19 matches found
EUVD-2026-39173
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...
CVE-2026-5952
GitLab CE/EE vulnerability CVE-2026-5952 affected all versions prior to 18.11.6 (from 17.11), 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1. An authenticated user with developer-role permissions could bypass package protection rules and overwrite protected Maven package metadata due to incorrect...
CVE-2026-5952 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...
PT-2026-52206
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.11 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An incorrect authorization check allows an authenticated user with developer-role permissions to bypass...
EUVD-2022-6289
Malicious code in bioql PyPI...
CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
CVE-2022-36905
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
The vulnerability of the Jenkins Maven Metadata Plugin, which exists due to the lack of protective measures for website structure, allows attackers to execute XSS attacks.
The vulnerability of the Jenkins Maven Metadata Plugin exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2022-36905
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-4039 · Jenkins · Jenkins Maven Metadata Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Metadata Plugin versions 2.2 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs due to the lack of URL validation for the Repository Base URL of List maven artifact versio...
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...
CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
Cross site scripting
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
CVE-2022-34190
CVE-2022-34190 affects Jenkins Maven Metadata Plugin for Jenkins CI server (plugin 2.1 and earlier). The vulnerability is a stored XSS due to unescaped names/descriptions of List maven artifact versions parameters on parameter-displaying views, exploitable by attackers with Item/Configure permiss...
PT-2022-22059 · Jenkins · Jenkins Core +3
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Metadata Plugin for Jenkins CI server Plugin versions 2.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not escape the name and description of...
Jenkins Plugin Maven Metadata for CI server 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. a cross-site scripting vulnerability exists in Jenkins Maven Metadata for CI...
com.cloudbees.jenkins.plugins:additional-identities-plugin (=1.1), com.sonyericsson.hudson.plugins.rebuild:rebuild (>=1.15 <=1.27) +30 more potentially affected by CVE-2012-6073 via org.jenkins-ci.main:jenkins-core (>=1.481 <=1.490)
org.jenkins-ci.main:jenkins-core MAVEN version =1.481, =1.15, =1.1, =0.2.0, =0.1.0, =1.0.0, =1.481, =1.481, =1.481, =1.481, =1.0, =1.1 - org.jenkins-ci.modules:slave-installer =1.0 - org.jenkins-ci.modules:upstart-slave-installer =1.0 - org.jenkins-ci.modules:windows-slave-installer =1.0 and more...