28 matches found
EUVD-2022-7761
Malicious code in bioql PyPI...
CVE-2022-46682
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-34783
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Jenkins plugins Multiple Vulnerabilities (2022-12-07)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. CVE-2022-46682 - Jenki...
GHSA-WGPP-G6V9-7HXP Jenkins Plot Plugin XML External Entity Reference vulnerability
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control XML input files for the 'Plot build data' build step to have Jenkins parse a crafted file that uses external entities for extraction of secret...
Jenkins Plot Plugin XML External Entity Reference vulnerability
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control XML input files for the 'Plot build data' build step to have Jenkins parse a crafted file that uses external entities for extraction of secret...
CVE-2022-46682
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-46682
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-46682
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
PT-2022-27946 · Jenkins · Jenkins Plot Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Plot Plugin versions 2.1.11 and earlier Description: The issue allows attackers who can control XML input files for the 'Plot build data' build step to have Jenkins parse a crafted file that uses external entities for extraction of...
CVE-2022-46682
CVE-2022-46682 affects Jenkins Plot Plugin 2.1.11 and earlier. The root cause is that the plugin’s XML parser did not disable external entity resolution, enabling XXE attacks. Impact is high (CVE metrics show critical severity with potential confidentiality, integrity, and availability impacts). ...
Jenkins Plot Plugin code issue vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A code issue vulnerability...
CVE-2022-46682
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
GHSA-HPF7-MMQW-G6VQ Cross-site Scripting in Jenkins Plot Plugin
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
org.jenkins-ci.plugins:php (=1.0), org.jenkins-ci.plugins:silk-performer-plugin (>=2.0.0-beta <=2.0.1-beta) potentially affected by CVE-2022-34783 via org.jenkins-ci.plugins:plot (>=1.5 <=2.1.0)
org.jenkins-ci.plugins:plot MAVEN version =1.5, =2.0.0-beta, =2.0.1-beta Source cves: CVE-2022-34783 Source advisory: OSV:GHSA-HPF7-MMQW-G6VQ...
Cross-site Scripting in Jenkins Plot Plugin
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34783
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34783
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...