58 matches found
EUVD-2022-2520
Malicious code in bioql PyPI...
EUVD-2022-5714
Malicious code in bioql PyPI...
EUVD-2022-7114
Malicious code in bioql PyPI...
EUVD-2022-5423
Malicious code in bioql PyPI...
Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.
...
plugin: Mercurial SCM plugin can check out from the controller file system
A flaw was found in the Jenkins plugin. Affected versions of the Jenkins Mercurial Plugin allow attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system. This is accomplished by using local paths as SCM URLs, obtaining limited...
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin
Mercurial Plugin provides a webhook endpoint at /mercurial/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. This endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. It can be accessed with GET...
GHSA-J7PG-863G-22P6 Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin
Mercurial Plugin provides a webhook endpoint at /mercurial/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. This endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. It can be accessed with GET...
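The entry above describes the two things the endpoint does: it schedules polling for every job configured with the supplied repository URL, and it reports which jobs it scheduled. The model below (added here as illustration; it is not code from the Jenkins Mercurial Plugin, and the job names, repository URLs, the "Scheduled polling of ..." response format and the reader sets are all constructed assumptions) keeps the first behaviour identical in both variants and changes only the second: the vulnerable variant names every matched job, the hardened variant names only the jobs the requester holds Item/Read on, which is the shape of the fix this advisory class calls for.

```python
"""Model of GET /mercurial/notifyCommit?url=<repo>: polling is scheduled
for all matching jobs either way; only the disclosure differs.
Constructed example, not the plugin's own code."""
from dataclasses import dataclass

ANONYMOUS = "anonymous"
SAMPLE_REPO = "https://hg.example.invalid/repos/app"   # assumed URL


@dataclass
class Job:
    full_name: str
    repo_url: str
    readers: frozenset          # principals holding Item/Read (stand-in for the Jenkins ACL)
    polling_scheduled: bool = False


def _normalize(url: str) -> str:
    # Trailing-slash and case differences should not split one repository into two.
    return url.strip().rstrip("/").lower()


def notify_commit(jobs, repo_url, requester, *, disclose_all):
    """Return the text/plain body the webhook would answer with.

    disclose_all=True  models the vulnerable behaviour: every job that was
                       scheduled is named, whoever asked.
    disclose_all=False models the hardened behaviour: polling is still
                       scheduled for every matching job, but the body names
                       only jobs the requester is allowed to read.
    """
    matched = [j for j in jobs if _normalize(j.repo_url) == _normalize(repo_url)]
    for job in matched:
        job.polling_scheduled = True          # unchanged by the fix
    named = matched if disclose_all else [j for j in matched if requester in j.readers]
    # Response line format is an assumption for this model.
    return "\n".join(f"Scheduled polling of {j.full_name}" for j in named)


def disclosed_job_names(body: str):
    """What an unauthenticated caller learns from one response body."""
    prefix = "Scheduled polling of "
    return [line[len(prefix):] for line in body.splitlines() if line.startswith(prefix)]


def build_sample_jobs():
    """Constructed inventory: one public job, one restricted job, one unrelated job."""
    return [
        Job("public/app", SAMPLE_REPO + "/", frozenset({ANONYMOUS, "alice"})),
        Job("secret/payroll-deploy", SAMPLE_REPO, frozenset({"alice"})),
        Job("other/lib", "https://hg.example.invalid/repos/lib", frozenset({ANONYMOUS})),
    ]


if __name__ == "__main__":
    for disclose_all in (True, False):
        jobs = build_sample_jobs()
        body = notify_commit(jobs, SAMPLE_REPO, ANONYMOUS, disclose_all=disclose_all)
        print("vulnerable" if disclose_all else "hardened", "->", disclosed_job_names(body))
        print("  polled:", [j.full_name for j in jobs if j.polling_scheduled])
```

The point to take from the model is that the fix is a change to the response, not to the trigger: polling for the restricted job still happens on an anonymous notification, so a deployment that relies on job names staying secret should also restrict who can reach the webhook (network controls or a reverse proxy rule), not only upgrade the plugin.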
CVE-2022-43410
Jenkins Mercurial Plugin 1251.vab121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access...
Design/Logic Flaw
Jenkins Mercurial Plugin 1251.vab121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access...
Jenkins Plugin Mercurial Security Vulnerability
Jenkins and Jenkins Plugin are both open-source products of the Jenkins project. Jenkins is an open-source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-43410
CVE-2022-43410 concerns the Jenkins Mercurial Plugin (1251.va_b_121f184902 and earlier) where the webhook endpoint /mercurial/notifyCommit can reveal which jobs were triggered or scheduled for polling, including those the viewer lacks permission to access. This constitutes information disclosure ...
PT-2022-26895 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 1251.va_b_121f184902 and earlier Description: The Mercurial Plugin provides a webhook endpoint at "/mercurial/notifyCommit" that can be used to notify Jenkins of changes to an SCM repository. This endpoint...
Jenkins plugins Multiple Vulnerabilities (2022-05-17)
According to their self-reported version numbers, the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenki...
GHSA-X58R-WXC3-7PQR XXE vulnerability in Jenkins Mercurial Plugin
Jenkins Mercurial Plugin prior to 2.12, 2.10.1, 2.9.1, and 2.8.1 does not configure its XML changelog parser to prevent XML external entity (XXE) attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction...
Missing Authorization in Jenkins Mercurial Plugin
Mercurial Plugin prior to 2.12, 2.10.1, 2.9.1, and 2.8.1 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. Mercurial Plugin 2.12, 2.10.1, 2.9.1, and 2.8.1 performs permission...
XXE vulnerability in Jenkins Mercurial Plugin
Jenkins Mercurial Plugin prior to 2.12, 2.10.1, 2.9.1, and 2.8.1 does not configure its XML changelog parser to prevent XML external entity (XXE) attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction...
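The two XXE entries above describe the trust boundary exactly: the changelog XML is produced on an agent, so whoever controls the agent controls the document, and a parser that honours external entities will read controller-side files on that document's behalf. The example below (added here; it is not the plugin's code, which is Java, and the changelog text, the secret file and the entity name are constructed) parses a Mercurial-style `<log><logentry>` document two ways with Python's stdlib expat: once with external entity resolution enabled, which pulls the referenced file into the commit message, and once with a parser that rejects any DOCTYPE, which is the configuration the advisory says was missing.

```python
"""XXE through an SCM changelog: vulnerable parser beside a hardened one.
Constructed example using xml.parsers.expat; not the plugin's own code."""
import os
import tempfile
import xml.parsers.expat as expat

# Shape of `hg log --style xml`; the DOCTYPE and entity are the attacker's addition.
CHANGELOG_TEMPLATE = """<?xml version="1.0"?>
<!DOCTYPE log [
  <!ENTITY xxe SYSTEM "{secret_path}">
]>
<log>
  <logentry revision="1" node="0000000000000000000000000000000000000001">
    <author email="dev@example.invalid">dev</author>
    <msg xml:space="preserve">&xxe;</msg>
  </logentry>
</log>
"""


class DoctypeForbidden(ValueError):
    """Raised by the hardened parser as soon as a DOCTYPE appears."""


def collect_commit_messages(xml_text, *, resolve_external):
    """Return the text of every <msg> element.

    resolve_external=True  : fetch whatever SYSTEM entity the document names
                             (the vulnerable configuration)
    resolve_external=False : refuse documents that carry a DOCTYPE at all, so
                             no entity, internal or external, can be declared
    """
    messages, buf, in_msg = [], [], [False]
    parser = expat.ParserCreate()

    def start(name, attrs):
        if name == "msg":
            in_msg[0], buf[:] = True, []

    def end(name):
        if name == "msg":
            in_msg[0] = False
            messages.append("".join(buf))

    def chars(data):
        if in_msg[0]:
            buf.append(data)

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars

    if resolve_external:
        def fetch(context, base, system_id, public_id):
            # Vulnerable: the document chooses the path, the parser reads it.
            with open(system_id, "rb") as fh:
                data = fh.read()
            child = parser.ExternalEntityParserCreate(context)  # inherits our handlers
            child.Parse(data, True)
            return 1
        parser.ExternalEntityRefHandler = fetch
    else:
        def reject(doctype_name, system_id, public_id, has_internal_subset):
            raise DoctypeForbidden(f"DOCTYPE '{doctype_name}' not allowed in changelog")
        parser.StartDoctypeDeclHandler = reject

    parser.Parse(xml_text, True)
    return messages


def demo():
    """Write a throwaway 'secret', parse the crafted changelog both ways."""
    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".txt") as fh:
        fh.write("hg-agent-credential-12345")      # constructed secret
        secret_path = fh.name
    try:
        doc = CHANGELOG_TEMPLATE.format(secret_path=secret_path)
        leaked = collect_commit_messages(doc, resolve_external=True)
        try:
            collect_commit_messages(doc, resolve_external=False)
            blocked = False
        except DoctypeForbidden:
            blocked = True
    finally:
        os.unlink(secret_path)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable parser returned:", leaked)
    print("hardened parser rejected the document:", blocked)
```

Rejecting the DOCTYPE outright is the simplest safe setting for a format that never legitimately needs one; for parsers that must accept a DTD, the equivalent is to disable external general and parameter entities and to refuse to resolve system identifiers, and to treat the agent-supplied file as untrusted input either way.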