49 matches found
CVE-2025-67625
CVE-2025-67625 is a CSRF vulnerability in the WordPress plugin “Trade Runner” (tmtraderunner) affecting versions from n/a through 3.14. The issue enables Cross-Site Request Forgery, potentially allowing an attacker to perform actions on behalf of an authenticated user. Affected component is the p...
CVE-2025-64135
Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...
Insecure Default Initialization of Resource
Overview io.jenkins.plugins:eggplant-runner is a The Eggplant DAI Plugin for Jenkins launches DAI tests from within a Jenkins pipeline. You can use it to continuously test your application using Eggplant's model-based approach to testing. For more information about Eggplant, visit...
EUVD-2025-36656
Jenkins Nexus Task Runner Plugin is missing a permission check...
EUVD-2025-36657
Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...
EUVD-2025-36648
Jenkins Eggplant Runner Plugin protection mechanism disabled...
CVE-2025-64142
CVE-2025-64142 affects Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Root cause per multiple sources: a missing permission check in the plugin’s HTTP endpoint allows an attacker with Overall/Read permission to cause the controller to connect to an attacker‑specified URL using attac...
Jenkins Nexus Task Runner Plugin 安全漏洞
Jenkins Nexus Task Runner Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Nexus Task Runner Plugin version 0.9.2 and earlier, which stems from vulnerability to a cross-site request forgery attack that could result in a connection to an attacker-specified UR...
PT-2025-44290
Name of the Vulnerable Software and Affected Versions Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier Description A cross-site request forgery CSRF issue exists in the Jenkins Nexus Task Runner Plugin. This allows attackers to connect to a URL specified by the attacker, using...
PT-2025-44291
Name of the Vulnerable Software and Affected Versions Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier Description A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker, using credentials also specified by the attacker. T...
EUVD-2022-2192
Malicious code in bioql PyPI...
CVE-2020-2285
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-10380
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...
CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
SUSE CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
Liquibase Runner Plugin 1.4.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
Stored XSS vulnerability in Jenkins Liquibase Runner Plugin
Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents when showing them on the build page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide Liquibase changesets evaluated by the plugin. Liquibase Runner Plugin 1.4.7 no...
XXE vulnerability in Jenkins Liquibase Runner Plugin
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide Liquibase changesets evaluated by the plugin to have Jenkins parse a crafted XML file that uses external entities for extraction of...
GHSA-44CM-P9Q7-RR3P Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
Liquibase Runner Plugin 1.4.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
GHSA-XX7G-F287-F9FQ XXE vulnerability in Jenkins Liquibase Runner Plugin
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide Liquibase changesets evaluated by the plugin to have Jenkins parse a crafted XML file that uses external entities for extraction of...