13 matches found
EUVD-2022-6749
Malicious code in bioql PyPI...
CVE-2022-41236
A cross-site request forgery CSRF vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...
Jenkins plugins Multiple Vulnerabilities (2022-09-21)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins...
CSRF vulnerability in Jenkins Security Inspector plugin
Security Inspector Plugin 117.v6eecc36919c2 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to replace the generated report stored in a per-session cache and displayed to authorized...
GHSA-933X-5G7R-773Q CSRF vulnerability in Jenkins Security Inspector plugin
Security Inspector Plugin 117.v6eecc36919c2 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to replace the generated report stored in a per-session cache and displayed to authorized...
CVE-2022-41236
A cross-site request forgery CSRF vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...
CVE-2022-41236
A cross-site request forgery CSRF vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...
CVE-2022-41236
A cross-site request forgery CSRF vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...
CVE-2022-41236
A cross-site request forgery CSRF vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...
CVE-2022-41236
The CVE-2022-41236 entry concerns the Jenkins Security Inspector Plugin (117.v6eecc36919c2 and earlier). The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to replace the per-session cached report displayed at the …/report URL with a report generated from attacker-co...
CVE-2022-41236
A cross-site request forgery CSRF vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...
PT-2022-4908 · Jenkins · Jenkins Security Inspector Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Security Inspector Plugin versions 117.v6eecc36919c2 and earlier Description: The issue is related to insufficient authentication of executed POST requests, allowing a remote attacker to perform a cross-site request forgery CSRF attac...