CVE-2026-29080

A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...

GHSA-6J7P-QJHG-9947 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

EUVD-2022-6289

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-16852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itsel...

CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

CVE-2022-36905

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

GHSA-8294-MV9C-7M5H Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin

Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-36905

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-36905

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-36905

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-36905

The CVE-2022-36905 entry describes a stored XSS in Jenkins Maven Metadata Plugin for Jenkins CI server plugin versions 2.2 and earlier, caused by missing URL validation for the Repository Base URL of the List maven artifact versions parameter. The impact is exploitable by attackers with Item/Conf...

PT-2022-4039 · Jenkins · Jenkins Maven Metadata Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Metadata Plugin versions 2.2 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs due to the lack of URL validation for the Repository Base URL of List maven artifact versio...

Cross-site Scripting in Jenkins Maven Metadata Plugin

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

Cross site scripting

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

CVE-2022-34190

CVE-2022-34190 affects Jenkins Maven Metadata Plugin for Jenkins CI server (plugin 2.1 and earlier). The vulnerability is a stored XSS due to unescaped names/descriptions of List maven artifact versions parameters on parameter-displaying views, exploitable by attackers with Item/Configure permiss...

PT-2022-22059 · Jenkins · Jenkins Core +3

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Metadata Plugin for Jenkins CI server Plugin versions 2.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not escape the name and description of...

com.cloudbees.jenkins.plugins:additional-identities-plugin (=1.1), com.sonyericsson.hudson.plugins.rebuild:rebuild (>=1.15 <=1.27) +30 more potentially affected by CVE-2012-6073 via org.jenkins-ci.main:jenkins-core (>=1.481 <=1.490)

org.jenkins-ci.main:jenkins-core MAVEN version =1.481, =1.15, =1.1, =0.2.0, =0.1.0, =1.0.0, =1.481, =1.481, =1.481, =1.481, =1.0, =1.1 - org.jenkins-ci.modules:slave-installer =1.0 - org.jenkins-ci.modules:upstart-slave-installer =1.0 - org.jenkins-ci.modules:windows-slave-installer =1.0 and more...