25 matches found
EUVD-2022-2895
Malicious code in bioql PyPI...
CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28152
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job...
CVE-2022-28150
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job...
CVE-2022-28152
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job...
CVE-2022-28150
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job...
CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
CVE-2022-28150
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job...
CVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job...
CVE-2022-28152
The CVE-2022-28152 entry concerns a CSRF vulnerability in Jenkins Job and Node ownership Plugin (versions 0.13.0 and earlier) that allows an attacker to restore the default ownership of a job. This is documented across multiple sources (OSV, CNVD/CNNVD, CVE listings) confirming the affected compo...
CVE-2022-28152
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job...
CVE-2022-28149
CVE-2022-28149 affects Jenkins “Job and Node ownership” Plugin (versions 0.13.0 and earlier). The issue arises because secondary owner names are not escaped, causing stored XSS. Exploitation requires Item/Configure permission to trigger JavaScript execution in the client. No remediation details a...
Jenkins Job and Node ownership Plugin cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Job and Node ownership Plugin...
PT-2022-18850 · Jenkins · Jenkins Job/Node Ownership Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job and Node ownership Plugin versions 0.13.0 and earlier Description: A missing permission check in the plugin allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. Recommendations: F...
Jenkins Job and Node ownership Plugin cross-site scripting vulnerability
Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Job and Node ownership Plugin 0.13.0 and earlier versions have a cross-site scripting vulnerability that stems from unescaped secondar...
Jenkins Job and Node ownership Plugin access control error vulnerability
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Job and Node ownership Plugin 0.13.0 and earlier versions are vulnerable to an authorization issue that stems from...
PT-2022-18848 · Jenkins · Jenkins Job/Node Ownership Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job and Node ownership Plugin versions 0.13.0 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the names of the secondary owners are not properly escaped, allowing...
PT-2022-18851 · Jenkins · Jenkins Job/Node Ownership Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job and Node ownership Plugin versions 0.13.0 and earlier Description: A cross-site request forgery (CSRF) issue allows attackers to restore the default ownership of a job. This can be exploited by attackers to potentially gain...