24 matches found
EUVD-2022-0766
Malicious code in bioql PyPI...
EUVD-2022-0923
Malicious code in bioql PyPI...
CVE-2022-25212
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-25211
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials...
Jenkins SWAMP Plugin Cross-Site Request Forgery Vulnerability
Jenkins plug-ins extend Jenkins with additional functionality. The Jenkins SWAMP Plugin has a cross-site request forgery vulnerability. An attacker with general or read privileges can exploit this vulnerability to connect to a specified URL using a specified credential ID to capture...
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
SWAMP Plugin 1.2.6 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
GHSA-8P8Q-WVXX-JQ94 Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
SWAMP Plugin 1.2.6 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
GHSA-2PJ6-5HQC-W5X9 CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
SWAMP Plugin 1.2.6 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
SWAMP Plugin 1.2.6 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
CVE-2022-25212
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-25211
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-25211
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-25212
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-25211
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-25212
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...
Design/Logic Flaw
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-25212
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-25212
CVE-2022-25212: Jenkins SWAMP Plugin version 1.2.6 and earlier has a CSRF flaw that lets an attacker cause the Jenkins controller to connect to an attacker-specified web server using attacker-specified credentials. The issue is documented across NVD and security advisories (Nessus/OSV) and, as n...
CVE-2022-25211
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials...