9 matches found
EUVD-2022-5557
Malicious code in bioql PyPI...
XXE vulnerability in Jenkins Nerrvana Plugin
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Overall/Read permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the...
GHSA-WCRG-92WP-4H28 XXE vulnerability in Jenkins Nerrvana Plugin
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Overall/Read permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the...
CloudBees Jenkins Nerrvana Plugin Code Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Audit Trail Plugin is used in one of the audi...
CVE-2020-2298
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2298
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
XXE
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2298
CVE-2020-2298 affects Jenkins Nerrvana Plugin versions 1.02.06 and earlier. The root cause is that the plugin’s XML parser is not configured to prevent XML external entity (XXE) attacks. Impact described across sources includes potential exposure of secrets via crafted XML data parsed by Jenkins,...
CVE-2020-2298
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...