CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...
EUVD-2022-2966
Malicious code in bioql PyPI...
EUVD-2022-3866
Malicious code in bioql PyPI...
EUVD-2022-3031
Malicious code in bioql PyPI...
EUVD-2022-5446
Malicious code in bioql PyPI...
EUVD-2022-5090
Malicious code in bioql PyPI...
CVE-2019-10359
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options...
CVE-2019-10361
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10360
A stored cross-site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...
CloudBees Jenkins Maven Release Plugin Code Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Maven Release Plugin is used in one of the...
CVE-2019-16550
Summary: CVE-2019-16550 is a CSRF flaw in the Jenkins Maven Release Plugin (versions 0.16.1 and earlier) that allows an attacker to cause Jenkins to connect to a user-specified web server and parse XML documents. Affected: Jenkins Maven Release Plugin ≤ 0.16.1. Root cause / impact: cross-site req...
CVE-2019-16549
Vulnerability: Jenkins Maven Release Plugin (versions 0.16.1 and earlier) suffers an XXE flaw because the XML parser isn’t configured to neutralize external entities. Impact (as described): MITM attackers could force Jenkins to parse crafted XML, enabling potential extraction of secrets, server-s...
PT-2019-14705 · Jenkins · Jenkins Maven Release Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Release Plugin versions 0.16.1 and earlier Description: A cross-site request forgery issue exists in the connection test form method, allowing attackers to have the system connect to a specified web server and parse XML document...
Jenkins Maven Release Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Maven Release. Authentication is required to exploit this vulnerability. The specific flaw exists within the Maven Release plugin. The issue results from storing credentials in...