12 matches found
EUVD-2022-0889
Malicious code in bioql PyPI...
CVE-2022-25198
A cross-site request forgery CSRF vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
GHSA-7G7G-82FP-HPXX CSRF vulnerability in Jenkins SCP publisher Plugin
SCP publisher Plugin 1.8 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. Additionally, this form validation method does...
CVE-2022-25199
A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-25198
A cross-site request forgery CSRF vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-25198
A cross-site request forgery CSRF vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-25199
A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-25199
CVE-2022-25199 : Jenkins SCP Publisher Plugin, versions 1.8 and earlier, lacks a permission check in a form-validation method. This enables attackers with Overall/Read permission to connect to an attacker‑specified SSH server using attacker‑specified credentials, and the flawed flow also enables ...
CVE-2022-25198
The CVE-2022-25198 entry pertains to Jenkins SCP publisher Plugin versions 1.8 and earlier, which expose a cross-site request forgery (CSRF) vulnerability. The flaw allows an attacker, with Overall/Read permission, to cause the Jenkins controller to connect to an attacker‑specified SSH server usi...
Jenkins 插件权限许可和访问控制问题漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins SCP publisher Plugin 1.8 and earlier versions have an access control error vulnerability that stems from not...
PT-2022-17138 · Jenkins · Jenkins Ftp Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SCP publisher Plugin versions 1.8 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. The...