20 matches found
EUVD-2022-6335
Malicious code in bioql PyPI...
EUVD-2022-6350
Malicious code in bioql PyPI...
CVE-2022-36911
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-36912
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation
Jenkins openstack-heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. A sequence of requests...
CVE-2022-36913
Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-36913
Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-36911
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-36911
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...
Design/Logic Flaw
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2022-36913
The CVE-2022-36913 entry concerns Jenkins Openstack Heat Plugin versions 1.5 and earlier, which do not perform permission checks in methods implementing form validation. The underlying issue enables attackers with Overall/Read permission to check for the existence of an attacker-specified file pa...
CVE-2022-36912
Affected software: Jenkins Openstack Heat Plugin (versions 1.5 and earlier). Root cause: missing permission check in methods implementing form validation. Impact: attackers with Overall/Read permissions can connect to an attacker-specified URL (no other impact described). Status/mitigation: no ex...
CVE-2022-36912
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2022-36911
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-36911
Consolidated details show a CSRF vulnerability in Jenkins Openstack Heat Plugin (version 1.5 and earlier). The underlying issue is lack of permission checks in methods implementing form validation, which do not require POST requests, enabling an attacker to trigger connections to an attacker-spec...
Jenkins Openstack Heat Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-4011 · Jenkins · Jenkins Openstack Heat Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Openstack Heat Plugin versions 1.5 and earlier. Description: The issue is related to insufficient authorization procedures in the Jenkins Openstack Heat Plugin, allowing remote attackers with Overall/Read permission to gain unauthorize...
PT-2022-4015 · Jenkins · Jenkins Openstack Heat Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Openstack Heat Plugin versions 1.5 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL. The issue is related to the lack of permission checks in methods...
PT-2022-4012 · Jenkins · Jenkins Openstack Heat Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Openstack Heat Plugin versions 1.5 and earlier. Description: The issue is related to insufficient authorization procedures in the Jenkins Openstack Heat Plugin, allowing a remote attacker to perform URL redirection. A missing permissio...