12 matches found
EUVD-2022-1886
Malicious code in bioql PyPI...
EUVD-2022-2647
Malicious code in bioql PyPI...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CloudBees Jenkins CSRF Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Slack Notification Plugin is used in one of t...
CloudBees Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2019-09290)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Slack Notification Plugin is used in one of t...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003043
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003043
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003044
Summary: CVE-2019-1003044 is a CSRF vulnerability in Jenkins Slack Notification Plugin version 2.19 and earlier. The issue allows an attacker to craft a request that connects to an attacker-chosen URL using credentials IDs that an attacker can obtain by other means, potentially exposing credentia...
CVE-2019-1003043
Summary: Jenkins Slack Notification Plugin (versions ≤ 2.19) contains a missing permission check in a form-validation pathway that can be exploited by users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially exfiltrating credenti...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...