4 matches found
EUVD-2025-0210
Malicious code in bioql PyPI...
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs
The Jenkins GitLab Plugin 1.9.6 and earlier does not correctly perform a permission check in an HTTP endpoint. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credential IDs of GitLab API token credentials and...
CVE-2025-24397
An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins...
PT-2021-14676 · Jenkins · Jenkins Owasp Dependency-Track Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OWASP Dependency-Track Plugin versions 3.1.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. The issue arises...