EUVD-2022-7185

Malicious code in bioql PyPI...

Malicious code in @malware-test-cagot-heist-ended-total/test-mlw3-cagot-heist-ended-total (npm)

The package @malware-test-cagot-heist-ended-total/test-mlw3-cagot-heist-ended-total was found to contain malicious code...

Malicious code in @malware-test-inure-rondo-woven-total/test-mlw3-inure-rondo-woven-total (npm)

The package @malware-test-inure-rondo-woven-total/test-mlw3-inure-rondo-woven-total was found to contain malicious code...

com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.compuware.jenkins:compuware-scm-downloader (>=1.6 <=2.0.5) +105 more potentially affected by CVE-2023-40338 via org.jenkins-ci.plugins:cloudbees-folder (>=4.0 <=6.815.v0dd5a_cb_40e0e)

org.jenkins-ci.plugins:cloudbees-folder MAVEN version =4.0, =2.33.0, =1.6, =1.8, =1.0.2, =1.0.0, =2.0.0, =0.4, =1.0, =7.5.7, =0.9.1, =1.0-alpha-1, =1.27.19, =1.27.25 and more Source cves: CVE-2023-40338 Source advisory: OSV:GHSA-36HQ-V2FC-RPQP...

Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. These...

Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...

GHSA-7FVJ-G3WP-29G8 Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...

GHSA-VHWV-8897-JM7Q XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin

Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control the input files for the 'Topaz for Total Test - Execute Total Test scenarios' build step to have Jenkins parse a crafted XML...

Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin

Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control the input files for the 'Topaz for Total Test - Execute Total Test scenarios' build step to have Jenkins parse a crafted XML...

GHSA-X5GV-5RQV-654M Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-43430

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-43428

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

CVE-2022-43427

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-43427

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-43430

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-43429

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...

Xxe

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Design/Logic Flaw

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...

Input validation

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...