18 matches found
EUVD-2022-5743
Malicious code in bioql PyPI...
EUVD-2022-4980
Malicious code in bioql PyPI...
CVE-2020-2116
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2020-2118
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Missing permission checks in Pipeline GitHub Notify Step Plugin allow capturing credentials
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CloudBees Jenkins Pipeline GitHub Notify Step Plugin Authorization Issue Vulnerability (CNVD-2020-11649)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. An authorization issue vulnerability exists in Pipeline GitHub Notify Step Plugin 1.0.4 and earlier versions in CloudBees Jenkins. The vulnerability stems from a...
CVE-2020-2118
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-2116
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2020-2118
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2020-2118
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-2118
CVE-2020-2118 concerns Jenkins Pipeline GitHub Notify Step Plugin (versions 1.0.4 and earlier). The issue is a missing permission check in form-related methods that lets users with Overall/Read access enumerate credentials IDs stored in Jenkins. This disclosure could facilitate credential harvest...
CVE-2020-2117
Summary: CVE-2020-2117 affects Jenkins Pipeline GitHub Notify Step Plugin (versions 1.0.4 and earlier). A missing permission check allows attackers with Overall/Read permission to connect to an attacker‑specified URL using attacker‑specified credentials IDs, potentially capturing credentials stor...
CVE-2020-2116
CVE-2020-2116 describes a CSRF flaw in Jenkins Pipeline GitHub Notify Step Plugin (versions 1.0.4 and earlier). The vulnerability allows an attacker to cause Jenkins to connect to an attacker‑controlled URL using attacker‑provided credentials IDs, potentially exposing stored credentials. Root cau...
CVE-2020-2117
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2020-15323 · Jenkins · Jenkins Pipeline Github Notify Step Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline GitHub Notify Step Plugin versions 1.0.4 and earlier. Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...