22 matches found
EUVD-2022-6995
Malicious code in bioql PyPI...
CVE-2022-43415
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-30949
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
GHSA-2W2M-CCF8-57CQ XXE vulnerability in Jenkins REPO Plugin
REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control which repo binary is executed on agents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...
XXE vulnerability in Jenkins REPO Plugin
REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control which repo binary is executed on agents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...
CVE-2022-43415
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-43415
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
XXE
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
PT-2022-26900 · Jenkins · Jenkins Repo Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins REPO Plugin versions 1.15.0 and earlier Description: The issue allows attackers who can control which repo binary is executed on agents to have Jenkins parse a crafted XML document. This can lead to extraction of secrets from the...
CVE-2022-43415
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-43415
CVE-2022-43415 affects Jenkins REPO Plugin 1.15.0 and earlier. The underlying issue is that the plugin’s XML parser does not disable XML external entity (XXE) processing, enabling an attacker who can influence the repo binary on agents to cause the Jenkins controller to parse crafted XML and pote...
CVE-2022-43415
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Jenkins plugins Multiple Vulnerabilities (2022-05-17)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenki...
CVE-2022-30949
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
CVE-2022-30949
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
CVE-2022-30949
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
Code injection
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
CVE-2022-30949
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
CVE-2022-30949
CVE-2022-30949 affects the Jenkins REPO Plugin, ≤1.14.0. The vulnerability allows pipelines that are configured to check out SCM repositories to access repositories stored on the Jenkins controller’s file system via local-path SCM URLs, resulting in limited information disclosure about other proj...
CVE-2022-30949
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...