Lucene search
K

40 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-4224

Malicious code in bioql PyPI...

4.8CVSS5AI score0.00992EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2884

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.00702EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.8 views

CVE-2020-2137

Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission...

4.8CVSS5.6AI score0.00702EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/11/29 3:30 p.m.32 views

Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

8.8CVSS7AI score0.00447EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.32 views

Jenkins Build Failure Analyzer Plugin missing permission check

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

6.5CVSS6.6AI score0.00504EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.26 views

Jenkins SAML Single Sign On(SSO) Plugin missing permission check

Jenkins SAML Single Sign OnSSO Plugin 2.3.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to download a string representation of the current security realm Java ObjecttoString, which potentially includes sensitive...

4.3CVSS6.5AI score0.00371EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/11/15 8:15 p.m.32 views

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...

6.5CVSS0.00649EPSS
Exploits0References2
OSV
OSV
added 2022/09/22 12:0 a.m.28 views

GHSA-JJCH-7G85-4M72 Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

4.3CVSS8.6AI score0.00462EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.32 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

8.8CVSS8.2AI score0.00462EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.6 views

PT-2022-25742 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.129 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified webserver using attacker-specified...

8.8CVSS8.6AI score0.00462EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/07/01 12:1 a.m.47 views

Incorrect Authorization in Jenkins requests-plugin

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests. This is basically the...

4.3CVSS4.7AI score0.00516EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:4 p.m.33 views

CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

8.8CVSS7.4AI score0.00662EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:35 p.m.20 views

GHSA-MR75-899X-QCXQ Missing permission checks in Jenkins Chaos Monkey Plugin

Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to generate load and to generate memory leaks. Jenkins Chaos Monkey Plugin 0.4 requires Overall/Administer permission to generate load and t...

7.5CVSS7.4AI score0.01323EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 5:35 p.m.30 views

GHSA-HX53-635R-VMV8 Missing permission checks in Jenkins Chaos Monkey Plugin

Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. Jenkins Chaos Monkey Plugin 0.4.1 requires Overall/Administer permission to...

5.3CVSS5.1AI score0.00824EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 5:33 p.m.31 views

GHSA-RR6J-37CV-C7X7 Missing Authorization in Jenkins Kubernetes Plugin

Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to list global pod template names. Kubernetes Plugin 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 requires Overall/Administer...

4.3CVSS5.2AI score0.01144EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:33 p.m.23 views

Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page

Jenkins Active Directory Plugin 2.19 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the domain health check diagnostic page. Jenkins Active Directory Plugin 2.20 requires Overall/Administer permission to access the...

4.3CVSS4.8AI score0.00668EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:29 p.m.24 views

Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin

Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to configure the plugin. Implied Labels Plugin 0.7 requires Overall/Administer permission to configure the plugin...

4.3CVSS4.9AI score0.00656EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:10 p.m.14 views

GHSA-6XXF-RWV4-MRJM Stored XSS vulnerability in Jenkins Timestamper Plugin

Timestamper Plugin 1.11.1 and earlier does not escape or sanitize the HTML formatting used to display the timestamps in console output for builds. This results in a stored cross-site scripting vulnerability that can be exploited by users with Overall/Administer permission. Timestamper Plugin 1.11...

4.8CVSS4.7AI score0.00702EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:6 p.m.35 views

GHSA-H72V-652W-XV64 Missing permission checks in Health Advisor by CloudBees Plugin

Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient. Additionally, these form validation methods do not requir...

5CVSS4.4AI score0.00823EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.24 views

Jenkins JClouds Plugin missing permission check

Jenkins JClouds Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ...

6.5CVSS6.5AI score0.00974EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder