Lucene search

39 matches found

EUVD
added 2025/10/03 8:07 p.m., 9 views

EUVD-2022-2824

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.01296
Exploits 0, References 4
RedhatCVE
added 2025/05/23 1:25 a.m., 7 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 8.8, AI score 6.6, EPSS 0.0108
Exploits 0, References 1
RedhatCVE
added 2025/05/23 12:04 a.m., 9 views

CVE-2022-25207

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 8.8, AI score 6.8, EPSS 0.00706
Exploits 0, References 1
RedhatCVE
added 2025/05/22 10:36 p.m., 6 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 8.8, AI score 6.7, EPSS 0.0109
Exploits 0, References 1
RedhatCVE
added 2025/05/22 10:07 a.m., 11 views

CVE-2019-1003086

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5, AI score 6.6, EPSS 0.01296
Exploits 0, References 1
OSV
added 2022/02/16 12:01 a.m., 15 views

GHSA-X92V-XV3X-9V29 CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE

Jenkins Chef Sinatra Plugin 1.20 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse the response as XML. As the plugin doe...

CVSS 8.8, AI score 8.7, EPSS 0.00706
Exploits 0, References 4
OSV
added 2022/02/16 12:01 a.m., 18 views

GHSA-FQ56-C7RJ-J3J9 Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE

Jenkins Chef Sinatra Plugin 1.20 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse the response as XML. As the plugin doe...

CVSS 8.8, AI score 8.7, EPSS 0.0108
Exploits 0, References 4
NVD
added 2022/02/15 5:15 p.m., 30 views

CVE-2022-25207

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 8.8, EPSS 0.00706
Exploits 0, References 2
OSV
added 2022/02/15 5:15 p.m., 29 views

CVE-2022-25207

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 8.8, AI score 7
Exploits 0, References 2
NVD
added 2022/02/15 5:15 p.m., 23 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 8.8, EPSS 0.0109
Exploits 0, References 1
ATTACKERKB
added 2022/02/15 5:15 p.m., 3 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 8.8, AI score 7.3, EPSS 0.0108
Exploits 0, References 3
ATTACKERKB
added 2022/02/15 5:15 p.m., 4 views

CVE-2022-25207

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 8.8, AI score 7.3, EPSS 0.00706
Exploits 0, References 3
ATTACKERKB
added 2022/02/15 5:15 p.m., 5 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 8.8, AI score 7.3, EPSS 0.0109
Exploits 0, References 2
NVD
added 2022/02/15 5:15 p.m., 20 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 8.8, EPSS 0.0108
Exploits 0, References 2
OSV
added 2022/02/15 5:15 p.m., 30 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 8.8, AI score 8.8
Exploits 0, References 2
Prion
added 2022/02/15 5:15 p.m., 18 views

Design/Logic Flaw

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 6.5, AI score 8.5, EPSS 0.0108
Exploits 0, References 2, Affected Software 1
Prion
added 2022/02/15 5:15 p.m., 19 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

CVSS 6.8, AI score 8.7, EPSS 0.00706
Exploits 0, References 2, Affected Software 1
Cvelist
added 2022/02/15 4:11 p.m., 35 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

AI score 8.9, EPSS 0.0109
Exploits 0, References 1
CVE
added 2022/02/15 4:11 p.m., 124 views

CVE-2022-25209

CVE-2022-25209 affects the Jenkins Chef Sinatra Plugin (versions 1.20 and earlier). The root cause is that the plugin does not configure its XML parser to prevent XML External Entity (XXE) attacks, enabling crafted XML responses to be parsed with potential exposure of secrets from the Jenkins con...

CVSS 8.8, AI score 8.6, EPSS 0.0109
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/02/15 4:11 p.m., 19 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

AI score 8.8, EPSS 0.0108
Exploits 0, References 2