19 matches found
EUVD-2022-2185
Malicious code in bioql PyPI...
GHSA-JQ84-6FMM-6QV6 OS command execution vulnerability in Perfecto Plugin
Perfecto Plugin allows specifying Perfecto Connect Path and Perfecto Connect File Name in job configurations. This command is executed on the Jenkins controller in Perfecto Plugin 1.17 and earlier, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controlle...
Missing permission check in Perfecto Plugin
Perfecto Plugin 1.17 and earlier does not perform a permission check in a method implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified username and password. Perfecto Plugin 1.18 requires...
GHSA-3H2Q-M63Q-9CF6 Missing permission check in Perfecto Plugin
Perfecto Plugin 1.17 and earlier does not perform a permission check in a method implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified username and password. Perfecto Plugin 1.18 requires...
OS command execution vulnerability in Perfecto Plugin
Perfecto Plugin allows specifying Perfecto Connect Path and Perfecto Connect File Name in job configurations. This command is executed on the Jenkins controller in Perfecto Plugin 1.17 and earlier, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controlle...
CloudBees Jenkins Perfecto Arbitrary Command Execution Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. Jenkins Perfecto plugin versi...
CloudBees Jenkins Perfecto Privilege Control Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. A privilege control...
CVE-2020-2260
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2020-2260
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2020-2261
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller...
CVE-2020-2261
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller...
Design/Logic Flaw
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...
Command injection
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller...
CVE-2020-2261
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller...
CVE-2020-2261
CVE-2020-2261 concerns the Jenkins Perfecto Plugin (versions ≤ 1.17). The issue allows users with Job/Configure permission to cause arbitrary commands to run on the Jenkins controller through the way the plugin handles the Perfecto Connect Path and Perfecto Connect File Name in job configurations. The root cause is execution of a...
CVE-2020-2260
CVE-2020-2260 affects Jenkins Perfecto Plugin (versions 1.17 and earlier). A missing permission check in the connection-test method allows attackers with Overall/Read to connect to an attacker-specified HTTP URL using attacker-specified credentials, exposing potential abuse. Public advisories (GH...
CVE-2020-2260
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...
PT-2020-15485 · Jenkins · Jenkins Perfecto Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Perfecto Plugin versions 1.17 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials,...
PT-2020-15486 · Jenkins · Jenkins Perfecto Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Perfecto Plugin versions 1.17 and earlier. Description: The issue allows attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. This is possible because the Perfecto Plugin executes a command on th...