Topology Generation of UAV Covert Communication Networks: a Graph Diffusion Approach with Incentive Mechanism

With the growing demand for Uncrewed Aerial Vehicle UAV networks in sensitive applications, such as urban monitoring, emergency response, and secure sensing, ensuring reliable connectivity and covert communication has become increasingly vital. However, dynamic mobility and exposure risks pose...

Jenkins Self-Organizing Swarm Plug-in Modules Plugin XXE vulnerability via UDP broadcast response

Jenkins Swarm Plugin allows clients to auto-discover Jenkins instances on the same network through a UDP discovery request. Responses to this request are XML documents. Swarm Plugin does not configure the XML parser in a way that would prevent XML External Entity XXE processing. This allows...

CloudBees Jenkins Self-Organizing Swarm Plug-in Modules Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks.Self-Organizing Swarm Plug-in Modules Plugin is a plug-in that supports the...

CVE-2020-2192

A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...

CVE-2020-2192

A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...

CVE-2020-2192

The CVE-2020-2192 entry covers a CSRF vulnerability in Jenkins Swarm Plugin (Self-Organizing Swarm Plug-in Modules) up to version 3.20. The issue arises because the plugin exposes API endpoints that add or remove agent labels and, in 3.20 and earlier, do not perform regular permission checks or r...

CVE-2020-2192

A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...

CVE-2020-2192

A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...

CVE-2020-2191

CVE-2020-2191 concerns Jenkins Self-Organizing Swarm Plug-in Modules Plugin (3.20 and earlier). The root issue is missing permission checks on API endpoints that add or remove agent labels, allowing users with limited rights to perform label modifications. The vulnerability’s documented impact is...

PT-2020-15405 · Jenkins · Jenkins Self-Organizing Swarm Plug-In Modules Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Self-Organizing Swarm Plug-in Modules Plugin versions 3.20 and earlier Description: The issue concerns the lack of permission checks on API endpoints that allow adding and removing agent labels. This allows users with Agent/Create...

Jenkins Swarm Plugin XML external entities information disclosure vulnerability

Summary The Jenkins Self-Organizing Swarm Modules Plugin, version 3.14, contains a trivial XXE XML External Entities vulnerability inside of the getCandidateFromDatagramResponses method. As a result of this issue, it is possible for an attacker on the same network as a Swarm client to read...

CVE-2019-10309

The CVE-2019-10309 entry concerns the Jenkins Swarm Plugin (Swarm Client) where UDP-based master discovery responses are XML documents that are parsed without proper XXE protection. This XXE flaw could allow an unauthenticated attacker on the same network to read arbitrary files from Swarm client...