
6 matches found

NVD
added 2026/03/07 3:15 p.m., 6 views

CVE-2026-29185

Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that...

CVSS 2.7, EPSS 0.00348
Exploits 0, References 1

OSV
added 2026/03/05 12:20 a.m., 5 views

GHSA-95V5-PRP4-5GV5 Backstage vulnerable to potential reading of SCM URLs using built in token

Impact: A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...

CVSS 2.7, AI score 5.9, EPSS 0.00348
Exploits 0, References 3

GitHub Security Blog
added 2023/08/16 3:30 p.m., 27 views

Jenkins Blue Ocean Plugin cross-site request forgery vulnerability

Jenkins Blue Ocean Plugin 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an...

CVSS 8.8, AI score 6.7, EPSS 0.00537
Exploits 0, References 4, Affected Software 1

OSV
added 2023/08/16 3:30 p.m., 21 views

GHSA-G4PQ-P927-7PGG Jenkins Blue Ocean Plugin cross-site request forgery vulnerability

Jenkins Blue Ocean Plugin 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an...

CVSS 5.4, AI score 8.6, EPSS 0.00537
Exploits 0, References 3

AlpineLinux
added 2022/05/17 2:6 p.m., 61 views

CVE-2022-30949

Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

CVSS 5.3, AI score 3.4, EPSS 0.00958
Exploits 0, References 2

Cvelist
added 2022/05/17 2:6 p.m., 24 views

CVE-2022-30948

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

AI score 7.6, EPSS 0.01295
Exploits 0, References 2