EUVD-2019-6665

Malware in sbrugna...

EUVD-2021-9394

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-22248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for...

CVE-2021-22248

Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only...

PT-2024-6146 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.14 through 17.1.7 GitLab CE/EE versions 17.2 through 17.2.5 GitLab CE/EE versions 17.3 through 17.3.2 Description: An issue was discovered in GitLab CE/EE that allows an attacker to trigger a pipeline as an arbitrary...

GHSA-84CM-VJWM-M979 Path traversal in Jenkins Git Mercurial and Repo Plugins

Jenkins SCMs support a number of different URL schemes, including local file system paths e.g. using file: URLs. Historically in Jenkins, only agents checked out from SCM, and if multiple projects share the same agent, there is no expected isolation between builds besides using different workspac...

CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...