16 matches found
EUVD-2022-5312
Malicious code in bioql PyPI...
CVE-2021-21632
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
A cross-site request forgery CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
GHSA-XFRW-PCMC-R2P3 Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
GHSA-V7XH-H48C-XW5F CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
Jenkins Plugins Multiple Vulnerabilities (Jenkins Security Advisory 2021-03-30)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are Jenkins Build With Parameters Plugin prior to 1.5.1, Cloud Statistics Plugin prior to 0.27, Extra Columns Plugin prior to 1.23, Jabber XMPP notifier and control Plugin prior to...
CloudBees Jenkins OWASP Dependency-Track Plugin Improper Authorization Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An improper authorization...
CloudBees Jenkins OWASP Dependency-Track Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...
CVE-2021-21633
A cross-site request forgery CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
A cross-site request forgery CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21632
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
Information disclosure
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
A cross-site request forgery CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
A cross-site request forgery CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
A cross-site request forgery CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21632
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...