33 matches found
EUVD-2022-6372
Malicious code in bioql PyPI...
EUVD-2022-6850
Malicious code in bioql PyPI...
EUVD-2022-6200
Malicious code in bioql PyPI...
CVE-2022-41241
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-34809
Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-34810
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
GHSA-J8XR-2279-88QJ Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to provide crafted API responses from Rational Quality Manager to have Jenkins parse a crafted XML document that uses external entities for extraction of...
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to provide crafted API responses from Rational Quality Manager to have Jenkins parse a crafted XML document that uses external entities for extraction of...
XXE
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-41241
CVE-2022-41241 affects Jenkins RQM Plugin 2.8 and earlier. The root cause is improper configuration of the XML parser that fails to prevent XML External Entity (XXE) attacks. According to the NVD/CVE records, the vulnerability has high impact on confidentiality and integrity and a network attack ...
PT-2022-25757 · Jenkins · Jenkins Rqm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RQM Plugin versions 2.8 and earlier. Description: The issue is related to the XML parser not being configured to prevent XML external entity (XXE) attacks. This allows attackers to provide crafted API responses that can be used to extrac...
Jenkins RQM Plugin Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A code issue vulnerabilit...
Jenkins RQM Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could exploit this vulnerability to allow a user with access to t...
GHSA-2348-CCQJ-8P27 Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check
Jenkins RQM Plugin 2.8 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerabili...
Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check
Jenkins RQM Plugin 2.8 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerabili...
GHSA-M59Q-VGQ9-75CR Password stored in plain text by Jenkins RQM Plugin
RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file net.praqma.jenkins.rqm.RqmBuilder.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system...