12 matches found
EUVD-2022-4492
Malicious code in bioql PyPI...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2025-47948 Cocotais Bot has builtin .echo command injection
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
GHSA-M53P-F25Q-Q6FG XXE vulnerability in Jenkins Robot Framework Plugin
Robot Framework Plugin 2.0.0 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'Publish Robot Framework' post-build step to have Jenkins parse a crafted file that uses external entities for extracti...
XXE vulnerability in Jenkins Robot Framework Plugin
Robot Framework Plugin 2.0.0 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'Publish Robot Framework' post-build step to have Jenkins parse a crafted file that uses external entities for extracti...
CloudBees Jenkins Robot Framework Plugin Code Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. CloudBees Jenkins Robot...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
XXE
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2020-2092
CVE-2020-2092 affects Jenkins Robot Framework Plugin (versions ≤ 2.0.0). The issue is that the XML parser is not configured to prevent XML External Entity (XXE) attacks, enabling users with Job/Configure to submit crafted XML documents that may expose secrets, enable SSRF, or cause denial of serv...
PT-2020-15298 · Jenkins · Jenkins Robot Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Robot Framework Plugin versions 2.0.0 and earlier Description: The issue allows users with specific permissions to have Jenkins parse crafted XML documents, potentially leading to extraction of secrets from the Jenkins controller,...