17 matches found
CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...
GHSA-H83R-7F9F-MQJJ Jenkins Nexus Task Runner Plugin is missing a permission check
Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...
EUVD-2023-3098
Malicious code in bioql PyPI...
EUVD-2022-3796
Malicious code in bioql PyPI...
CVE-2023-50767
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...
GHSA-4GFC-72GW-V385 Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...
Design/Logic Flaw
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...
CVE-2023-50768
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2023-31635 · Jenkins · Jenkins Nexus Platform Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nexus Platform Plugin versions 3.18.0-03 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. The plugin does not...
CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...
PT-2023-5742 · Jenkins · Jenkins Maven Artifact Choicelistprovider (Nexus) Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Artifact ChoiceListProvider Nexus Plugin versions 1.14 and earlier. Description: The issue is related to insufficient protection of registration data, allowing attackers with Item/Configure permission to access and capture...
WordPress NEXUS Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: NEXUS; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 29099b6f6f6d; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress NEXUS plugin <= 2.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress NEXUS plugin versions <= 2.0. Solution: No patched version available...
CloudBees Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin Information Disclosure Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Maven Artifact ChoiceListProvider...
CVE-2018-1999030
An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known...
CVE-2018-1999030
An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known...