EUVD-2023-1161

Malicious code in bioql PyPI...

CVE-2023-30519

A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

CVE-2023-30520

Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads...

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....

CVE-2023-30519

A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

CVE-2023-30520

Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads...

CVE-2023-30519

CVE-2023-30519 affects Jenkins Quay.io trigger Plugin 0.1 and earlier, where a missing permission check allows unauthenticated attackers to trigger builds of jobs for an attacker-specified repository via the webhook endpoint (quotayio-webhook) exposed without authentication. Connected sources con...

CVE-2023-30520

The CVE-2023-30520 entry refers to Jenkins Quay.io trigger Plugin version 0.1 and earlier, which does not constrain URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, enabling a stored XSS vulnerability when attackers submit crafted webhook payloads. The issue is doc...

PT-2023-22748 · Jenkins · Jenkins Quay.Io Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Quay.io trigger Plugin versions 0.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not limit URL schemes for repository homepage URLs submitted via...

Jenkins Plugin Quay.io trigger 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...