22 matches found
EUVD-2022-2966
Malicious code in bioql PyPI...
Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...
CVE-2019-16549
Vulnerability: Jenkins Maven Release Plugin (versions 0.16.1 and earlier) suffers an XXE flaw because the XML parser isn’t configured to neutralize external entities. Impact (as described): MITM attackers could force Jenkins to parse crafted XML, enabling potential extraction of secrets, server-s...
CVE-2019-16550
Summary: CVE-2019-16550 is a CSRF flaw in the Jenkins Maven Release Plugin (versions 0.16.1 and earlier) that allows an attacker to cause Jenkins to connect to a user-specified web server and parse XML documents. Affected: Jenkins Maven Release Plugin ≤ 0.16.1. Root cause / impact: cross-site req...
PT-2019-14705 · Jenkins · Jenkins Maven Release Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Release Plugin versions 0.16.1 and earlier. Description: A cross-site request forgery issue exists in the connection test form method, allowing attackers to have the system connect to a specified web server and parse XML document...
Jenkins Maven Release Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Maven Release. Authentication is required to exploit this vulnerability. The specific flaw exists within the Maven Release plugin. The issue results from storing credentials in...
CloudBees Jenkins Maven Release Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Maven Release Plugin is used in one of the...
CVE-2019-10360
A stored cross-site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
CVE-2019-10360
A stored cross-site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options...
Cross-site scripting
A stored cross-site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
CVE-2019-10361
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10359
CVE-2019-10359 affects Jenkins Maven Release Plugin (versions 0.14.0 and earlier). The root cause is a cross-site request forgery in the M2ReleaseAction#doSubmit method, enabling attackers to perform releases with attacker-specified options. The vulnerability is documented across multiple sources...
CVE-2019-10360
CVE-2019-10360 describes a stored cross-site scripting vulnerability in Jenkins’ Maven Release Plugin (0.14.0 and earlier). The issue arises in the plugin’s web pages, where attacker-controlled data could inject arbitrary HTML/JavaScript due to insufficient validation/escaping. Impact: potential ...
CVE-2019-10361
The CVE-2019-10361 issue affects Jenkins Maven Release Plugin (0.14.0 and earlier) where credentials were stored unencrypted on the Jenkins master, specifically in the global configuration file org.jvnet.hudson.plugins.m2release.M2ReleaseBuildWrapper.xml, allowing users with master file system ac...
PT-2019-11755 · Jenkins · Jenkins Maven Release Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Release Plugin versions 0.14.0 and earlier; Jenkins Maven Release Plugin versions prior to 0.15.0. Description: A cross-site request forgery issue allows attackers to perform releases with attacker-specified options in the...