Lucene search
K

19 matches found

EUVD
EUVD
added 6 days ago5 views

EUVD-2026-39173

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...

4.3CVSS5.9AI score0.00195EPSS
Exploits0References3
CVE
CVE
added 6 days ago92 views

CVE-2026-5952

GitLab CE/EE vulnerability CVE-2026-5952 affected all versions prior to 18.11.6 (from 17.11), 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1. An authenticated user with developer-role permissions could bypass package protection rules and overwrite protected Maven package metadata due to incorrect...

4.3CVSS5.9AI score0.00195EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-5952 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...

4.3CVSS0.00195EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-52206

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.11 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An incorrect authorization check allows an authenticated user with developer-role permissions to bypass...

4.3CVSS5.8AI score0.00195EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-6289

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00533EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 11:4 p.m.6 views

CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS5.5AI score0.00602EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:1 p.m.9 views

CVE-2022-36905

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.5AI score0.00533EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.6 views

The vulnerability of the Jenkins Maven Metadata Plugin, which exists due to the lack of protective measures for website structure, allows attackers to execute XSS attacks.

The vulnerability of the Jenkins Maven Metadata Plugin exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

5.5CVSS5.8AI score0.00533EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/07/27 3:15 p.m.4 views

CVE-2022-36905

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.7AI score0.00533EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.3 views

PT-2022-4039 · Jenkins · Jenkins Maven Metadata Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Metadata Plugin versions 2.2 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs due to the lack of URL validation for the Repository Base URL of List maven artifact versio...

8CVSS5.1AI score0.00533EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.4 views

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...

5.4CVSS5.5AI score0.00533EPSS
Exploits0References5
OSV
OSV
added 2022/06/23 5:15 p.m.1 views

CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS5.7AI score0.00602EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.4 views

CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS6.2AI score0.00602EPSS
Exploits0References2
Prion
Prion
added 2022/06/23 5:15 p.m.16 views

Cross site scripting

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

3.5CVSS5.2AI score0.00602EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/22 2:41 p.m.21 views

CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

6.9AI score0.00602EPSS
Exploits0References1
CVE
CVE
added 2022/06/22 2:41 p.m.99 views

CVE-2022-34190

CVE-2022-34190 affects Jenkins Maven Metadata Plugin for Jenkins CI server (plugin 2.1 and earlier). The vulnerability is a stored XSS due to unescaped names/descriptions of List maven artifact versions parameters on parameter-displaying views, exploitable by attackers with Item/Configure permiss...

5.4CVSS5.2AI score0.00602EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.3 views

PT-2022-22059 · Jenkins · Jenkins Core +3

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Metadata Plugin for Jenkins CI server Plugin versions 2.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not escape the name and description of...

8CVSS5.8AI score0.00602EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.4 views

Jenkins Plugin Maven Metadata for CI server 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. a cross-site scripting vulnerability exists in Jenkins Maven Metadata for CI...

5.4CVSS5.7AI score0.00602EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/14 2:13 a.m.5 views

com.cloudbees.jenkins.plugins:additional-identities-plugin (=1.1), com.sonyericsson.hudson.plugins.rebuild:rebuild (>=1.15 <=1.27) +30 more potentially affected by CVE-2012-6073 via org.jenkins-ci.main:jenkins-core (>=1.481 <=1.490)

org.jenkins-ci.main:jenkins-core MAVEN version =1.481, =1.15, =1.1, =0.2.0, =0.1.0, =1.0.0, =1.481, =1.481, =1.481, =1.481, =1.0, =1.1 - org.jenkins-ci.modules:slave-installer =1.0 - org.jenkins-ci.modules:upstart-slave-installer =1.0 - org.jenkins-ci.modules:windows-slave-installer =1.0 and more...

5.8CVSS5.8AI score0.01832EPSS
Exploits0
Rows per page
Query Builder