10 matches found
Authorization Bypass
Jenkins OpenTelemetry Plugin is vulnerable to Authorization Bypass. The vulnerability is due to the plugin allows users with only Overall/Read permission to invoke functionality that connects to attacker-specified URLs using attacker-controlled credential IDs, and enables attackers to capture or...
EUVD-2022-1418
Malicious code in bioql PyPI...
EUVD-2022-4265
Malicious code in bioql PyPI...
EUVD-2023-0346
Malicious code in bioql PyPI...
CVE-2023-37958
A cross-site request forgery CSRF vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-25195
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-47887
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2023-2631
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Access Restrictions Bypass
JRE proxy is vulnerable to access restrictions bypass. An additional flaw was found in the proxy mechanism implementation. This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the orig...
CVE-2019-10463
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...