21 matches found
CVE-2018-1000113
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
EUVD-2022-2238
Malicious code in bioql PyPI...
EUVD-2022-4950
Malicious code in bioql PyPI...
CVE-2019-10378
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
GHSA-QCFR-65HF-F98X Jenkins TestLink Plugin stores credentials in plain text
Jenkins TestLink Plugin stores credentials unencrypted in its global configuration file hudson.plugins.testlink.TestLinkBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is n...
GHSA-3RRG-P8XC-3457 Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
CloudBees Jenkins TestLink Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An information disclosure...
CVE-2019-10378
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10378
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10378
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10378
CVE-2019-10378 affects the Jenkins TestLink Plugin (versions ≤ 3.16). The vulnerability arises from credentials being stored unencrypted in the plugin’s global configuration file on the Jenkins master filesystem, enabling anyone with master FS access to view them. The CVSS v3.1 score is 5.3 ( MED...
PT-2019-11774 · Jenkins · Jenkins Testlink Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins TestLink Plugin versions 3.16 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the credentials are...
Jenkins TestLink Plugin Cross-Site Scripting Vulnerability
Jenkins is an open source software project , is based on Java development of a continuous integration tool . A cross-site scripting vulnerability exists in TestLinkBuildAction/summary.jelly and other scripts in Jenkins TestLink Plugin 2.12 and earlier versions, which stems from a program that mak...
CVE-2018-1000113
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
CVE-2018-1000113
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
Cross site scripting
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
CVE-2018-1000113
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
CVE-2018-1000113
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...