EUVD-2022-1913

Malicious code in bioql PyPI...

CloudBees Jenkins Team Foundation Server Plugin Improper Authorization Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An improper authorization...

CloudBees Jenkins Team Foundation Server Plugin Improper Authorization Vulnerability (CNVD-2021-25258)

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An improper authorization...

CVE-2021-21636

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

CVE-2021-21638

A cross-site request forgery CSRF vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Information disclosure

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

Design/Logic Flaw

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2021-21637

CVE-2021-21637 affects the Jenkins Team Foundation Server Plugin (versions 5.157.1 and earlier). The underlying issue is a missing permission check, which allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs stored in Jenki...

CVE-2021-21637

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2020-2249

Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

CVE-2020-2249

CVE-2020-2249 affects Jenkins Team Foundation Server Plugin versions 5.157.1 and earlier, where a webhook secret is stored unencrypted in the plugin’s global configuration file (hudson.plugins.tfs.TeamPluginGlobalConfig.xml) on the Jenkins controller file system. This allows attackers with local ...