19 matches found
CVE-2022-30949
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
SUSE CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...
Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
RCE vulnerability in SCM Filter Jervis Plugin
SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to configure jobs with the filter, or control the contents of a previously configured...
GHSA-324H-2V7H-Q3XX RCE vulnerability in Jenkins Yaml Axis Plugin
Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to configure a multi-configuration Matrix job, or control the contents of a previously...
CVE-2022-30948
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
CVE-2022-20617
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
OS command execution vulnerability in Jenkins Docker Commons Plugin
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
Command injection
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
CVE-2019-10357
CVE-2019-10357 concerns Jenkins Pipeline: Shared Groovy Libraries Plugin (versions 2.14 and earlier). The issue is a missing permission check that allowed users with Overall/Read access to obtain limited information about content in SCM repositories referenced by global libraries. Connected docum...
CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...
Design/Logic Flaw
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...
CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...
CVE-2017-12148
A flaw was found in Tower's interface with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower,...
[SECURITY] Fedora 22 Update: fusionforge-5.3.2-4.fc22
FusionForge provides many tools to aid collaboration in a development project, such as bug-tracking, task management, mailing-lists, SCM repository, forums, support request helper, web/FTP hosting, release management, etc. All these services are integrated into one web site and managed through a...
[SECURITY] Fedora 21 Update: fusionforge-5.3.2-4.fc21
FusionForge provides many tools to aid collaboration in a development project, such as bug-tracking, task management, mailing-lists, SCM repository, forums, support request helper, web/FTP hosting, release management, etc. All these services are integrated into one web site and managed through a...