23 matches found
EUVD-2022-3786
Malicious code in bioql PyPI...
CVE-2019-1003090
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
Jenkins SOASTA CloudTest Plugin stores API token in plain text
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file com.soasta.jenkins.CloudTestServer.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory there ...
GHSA-7HP3-5W4X-8F7C Jenkins SOASTA CloudTest Plugin stores API token in plain text
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file com.soasta.jenkins.CloudTestServer.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory there ...
CSRF vulnerability in Jenkins SOASTA CloudTest Plugin
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
GHSA-FHGG-J92H-29RC Missing permission check in Jenkins SOASTA CloudTest Plugin
A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Missing permission check in Jenkins SOASTA CloudTest Plugin
A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
(0Day) Jenkins SOASTA CloudTest Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins SOASTA CloudTest. Authentication is required to exploit this vulnerability. The specific flaw exists within the SOASTA CloudTest plugin. The issue results from storing credentials in...
CVE-2019-10451
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10451
This CVE affects the Jenkins SOASTA CloudTest Plugin. The vulnerability stems from credentials being stored unencrypted in the global configuration file on the Jenkins master/controller, specifically in com.soasta.jenkins.CloudTestServer.xml, enabling credentials to be viewed by users with filesy...
CVE-2019-10451
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CloudBees Jenkins SOASTA CloudTest Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. SOASTA CloudTest Plugin is used in one of the mobile...
CloudBees Jenkins SOASTA CloudTest plugin cross-site request forgery vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. SOASTA CloudTest Plugin is used in one of the mobile...
CVE-2019-1003091
A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003090
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
Input validation
A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003090
CVE-2019-1003090: The issue is a cross-site request forgery in the Jenkins SOASTA CloudTest Plugin, specifically in the CloudTestServer.DescriptorImpl#doValidate form validation method, which allows an attacker to initiate a connection to an attacker-specified server. The connected documents con...
CVE-2019-1003091
A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003091
CVE-2019-1003091 documents a missing permission check in the Jenkins SOASTA CloudTest Plugin. The vulnerability occurs in CloudTestServer.DescriptorImpl#doValidate form validation, enabling attackers with Overall/Read permission to initiate a connection to an attacker-specified server. The issue ...