
933 matches found

OSV | added 2022/05/24 5:28 p.m. | 13 views

GHSA-79H8-7735-V3F9 System command execution vulnerability in Selection tasks Jenkins Plugin

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

CVSS 8.8 | AI score 8.9 | EPSS 0.01623
Exploits: 0 | References: 4
Github Security Blog | added 2022/05/24 4:52 p.m. | 21 views

Jenkins JClouds Plugin missing permission check

Jenkins JClouds Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00974
Exploits: 0 | References: 10 | Affected Software: 1
Positive Technologies | added 2022/05/24 12:00 a.m. | 3 views

PT-2025-32441

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Bluetooth implementation of the Linux kernel where the strlen function is used on hdev->dev_name and hdev->short_name, buffers that are not guaranteed to be NUL-terminated. This...

CVSS 6 | AI score 7.3 | EPSS 0.00122
Exploits: 0
ATTACKERKB | added 2022/05/17 3:15 p.m. | 1 views

CVE-2022-30954

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

CVSS 6.5 | AI score 6.6 | EPSS 0.00782
Exploits: 0 | References: 3
OSV | added 2022/05/17 12:27 a.m. | 2 views

GHSA-MV8G-FHH6-6267 Django user with hardcoded password created when running tests on Oracle

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

CVSS 9.8 | AI score 7.3 | EPSS 0.05144
Exploits: 0 | References: 11
CISA | added 2022/05/16 12:00 a.m. | 14 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly adde...

AI score 1.6
Exploits: 0 | References: 5
OSV | added 2022/05/14 3:13 a.m. | 2 views

GHSA-53WF-VQF9-CGF2 Server-Side Request Forgery in Jenkins Git Plugin

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...

CVSS 6.4 | AI score 5.9 | EPSS 0.00809
Exploits: 0 | References: 4
OSV | added 2022/05/14 3:13 a.m. | 11 views

GHSA-26HW-262C-G9GC Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin

An exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

CVSS 6.5 | AI score 6.2 | EPSS 0.00988
Exploits: 0 | References: 2
Github Security Blog | added 2022/05/14 2:57 a.m. | 17 views

Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...

CVSS 6.5 | AI score 6.7 | EPSS 0.00862
Exploits: 0 | References: 5 | Affected Software: 1
OSV | added 2022/05/14 2:57 a.m. | 14 views

GHSA-HP7X-282P-HHR9 Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...

CVSS 6.5 | AI score 6.4 | EPSS 0.00862
Exploits: 0 | References: 5
Github Security Blog | added 2022/05/13 1:31 a.m. | 16 views

CSRF vulnerability in jenkins-reviewbot Plugin

A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.6 | EPSS 0.01296
Exploits: 0 | References: 5 | Affected Software: 1
OSV | added 2022/05/13 1:31 a.m. | 13 views

GHSA-G3RG-CJ5X-3VPF CSRF vulnerability in jenkins-reviewbot Plugin

A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.3 | EPSS 0.01296
Exploits: 0 | References: 4
OSV | added 2022/05/13 1:25 a.m. | 10 views

GHSA-6J5J-W6V4-RWQR Jenkins VMware Lab Manager Slaves Plugin CSRF vulnerability

A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.3 | EPSS 0.00719
Exploits: 0 | References: 3
Github Security Blog | added 2022/05/13 1:25 a.m. | 24 views

CSRF vulnerability in Jenkins Gearman Plugin

A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.6 | EPSS 0.01296
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog | added 2022/05/13 1:25 a.m. | 19 views

CSRF vulnerability in Jenkins sinatra-chef-builder Plugin

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.6 | EPSS 0.01296
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog | added 2022/05/13 1:25 a.m. | 31 views

CSRF vulnerability in Jenkins SOASTA CloudTest Plugin

A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.6 | EPSS 0.01296
Exploits: 0 | References: 5 | Affected Software: 1
OSV | added 2022/05/13 1:25 a.m. | 20 views

GHSA-8V26-3P83-MF2G Jenkins OpenID Plugin CSRF vulnerability

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.3 | EPSS 0.01312
Exploits: 0 | References: 6
Github Security Blog | added 2022/05/13 1:15 a.m. | 16 views

Missing permission check in Jenkins jenkins-reviewbot Plugin

A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.5 | EPSS 0.01486
Exploits: 0 | References: 5 | Affected Software: 1
OSV | added 2022/05/13 1:15 a.m. | 13 views

GHSA-2R46-CWGM-VVJX Missing permission check in Jenkins jenkins-reviewbot Plugin

A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.3 | EPSS 0.01486
Exploits: 0 | References: 4
Github Security Blog | added 2022/05/13 1:15 a.m. | 22 views

Missing permission check in Jenkins Netsparker Cloud Scan Plugin

A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

CVSS 6.5 | AI score 6.5 | EPSS 0.01536
Exploits: 0 | References: 5 | Affected Software: 1
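Most of the Jenkins entries above (jenkins-reviewbot, VMware Lab Manager Slaves, Gearman, sinatra-chef-builder, SOASTA CloudTest, OpenID, Netsparker Cloud Scan, Black Duck Hub, JClouds) describe the same defect class: a Stapler form-validation method (`doTestConnection`, `doValidate`, `doValidateAPI`) that makes an outbound connection to a caller-supplied URL but is reachable by GET, protected by no CSRF crumb, and guarded by no permission check beyond Overall/Read. The following is an added illustration written for this page, not code from any of the plugins listed; the class, package and method names are hypothetical. It shows the vulnerable shape beside the hardened one that the Jenkins security team's fixes for this class generally take: require POST (so the crumb is enforced) and check Item/Configure in a job context or Overall/Administer in the global-configuration context before doing anything that reaches the network.

```java
// Added example for this page; not taken from any plugin listed above.
// Package, class and method names are hypothetical.
package example.jenkins;

import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

public class ExampleBuilder extends Builder {

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {

        // VULNERABLE SHAPE (the pattern behind the advisories above).
        // Stapler binds this to .../descriptorByName/example.jenkins.ExampleBuilder/testConnectionVulnerable
        // and accepts GET. Consequences:
        //  - no permission check: any user with Overall/Read can call it ("missing permission check")
        //  - no @POST: a victim's browser can be made to call it from another site ("CSRF")
        //  - either way Jenkins connects to an attacker-chosen host ("SSRF")
        public FormValidation doTestConnectionVulnerable(@QueryParameter String url) {
            return probe(url);
        }

        // HARDENED SHAPE.
        //  - @POST makes Stapler reject non-POST requests, and POST requests carry the CSRF crumb
        //  - the permission check runs before any network activity, so an Overall/Read user
        //    (or a cross-site request from one) gets a 403 instead of an outbound connection
        @POST
        public FormValidation doTestConnection(@AncestorInPath Item item,
                                               @QueryParameter String url) {
            if (item == null) {
                // Global configuration page: only administrators may test connections
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                // Job configuration page: the caller must already be allowed to configure this job
                item.checkPermission(Item.CONFIGURE);
            }
            return probe(url);
        }

        // Shared network probe; deliberately simple. A real plugin would also validate the
        // scheme/host before connecting, since the permission check alone does not stop an
        // authorised configurer from pointing Jenkins at internal addresses.
        private FormValidation probe(String url) {
            try {
                HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
                conn.setConnectTimeout(3000);
                conn.setReadTimeout(3000);
                conn.setRequestMethod("HEAD");
                int status = conn.getResponseCode();
                return status < 400
                        ? FormValidation.ok("Connected (HTTP " + status + ")")
                        : FormValidation.error("Server returned HTTP " + status);
            } catch (IOException e) {
                return FormValidation.error("Could not connect: " + e.getMessage());
            }
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Example builder";
        }
    }
}
```

The same two-part fix applies to the "attacker-specified credentials IDs" variant (JClouds, Black Duck Hub): because credential lookup happens inside the validation method, a caller who can reach the method can make Jenkins present a stored credential to a host they control, so the permission check must precede the lookup, not just the connection. When auditing a plugin, grep for `do[A-Z]\w*\(` in `Descriptor` classes and confirm every method that touches the network, the filesystem or credentials carries both `@POST` and a `checkPermission` call.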