12 matches found
EUVD-2022-5205
Malicious code in bioql PyPI...
MAL-2025-982 Malicious code in selenium-plugin (PyPI)
Source: kam193 6e002fd5736f780c2fc01668d4e37d008d211fa2547b96cb960b11edd5b87d64 During installation or importing, the package downloads a small executable and registers it to start automatically. While it's hard to get the full activity of the...
Malicious code in selenium-plugin (PyPI)
Source: kam193 6e002fd5736f780c2fc01668d4e37d008d211fa2547b96cb960b11edd5b87d64 During installation or importing, the package downloads a small executable and registers it to start automatically. While it's hard to get the full activity of the...
Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints. This allows attackers to perform the following actions: - Restart the Selenium Grid hub. - Delete or replace the plugin configuration. - Start, stop, or restart Selenium configurations on specific nodes. Through...
GHSA-RP4X-XPGF-4XV7 Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints. This allows attackers to perform the following actions: - Restart the Selenium Grid hub. - Delete or replace the plugin configuration. - Start, stop, or restart Selenium configurations on specific nodes. Through...
CVE-2021-21672
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CloudBees Jenkins Selenium Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Selenium Plugin is used in one of the support...
CVE-2020-2196
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
Cross-site request forgery (CSRF)
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
CVE-2020-2196
The CVE concerns Jenkins Selenium Plugin (versions 3.141.59 and earlier) lacking CSRF protection on HTTP endpoints. The root cause is absence of CSRF protections, enabling an attacker to perform all administrative actions exposed by the plugin (e.g., restart grid hub, modify plugin configuration,...
CVE-2020-2196
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
PT-2020-15410 · Jenkins · Jenkins Selenium Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Selenium Plugin versions 3.141.59 and earlier Description: The issue concerns a lack of CSRF protection for HTTP endpoints in the Jenkins Selenium Plugin, allowing attackers to perform administrative actions. Specifically, this enable...