19 matches found
EUVD-2022-5236
Malicious code in bioql PyPI...
CVE-2021-21659
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2018-1000606
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
XXE vulnerability in Jenkins URLTrigger Plugin
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Job/Configure permission or otherwise able to control the contents of an URL to an XML document being examined for changes to have Jenkins parse a...
URLTrigger Plugin server-side request forgery vulnerability
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. As of version 0.43, this form validation method no longer connects to a use...
CloudBees Jenkins URLTrigger Plugin XML External Entity Injection Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. URLTrigger Plugin is used in one of the plugin used t...
CVE-2021-21659
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2021-21659
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
XXE
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2021-21659
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2021-21659
The CVE-2021-21659 entry corresponds to an XXE vulnerability in the Jenkins URLTrigger Plugin (versions 0.48 and earlier). The issue arises from the plugin not configuring its XML parser to disable external entity resolution, enabling crafted XML to cause disclosure of secrets, server-side reques...
Jenkins Plugin Code Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. URLTrigger Plugin is used in one of the plugin used t...
PT-2021-14702 · Jenkins · Jenkins Urltrigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins URLTrigger Plugin versions 0.48 and earlier Description: The issue allows attackers with Job/Configure permission or those able to control the contents of a URL to an XML document being examined for changes to have Jenkins parse a...
CloudBees Jenkins URLTrigger Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins, formerly known as Hudson Labs, is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some timed execution of tasks. URLTrigger Plugin is...
Server-side request forgery (SSRF)
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
CVE-2018-1000606
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
CVE-2018-1000606
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
CVE-2018-1000606
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
CVE-2018-1000606
CVE-2018-1000606 describes a server-side request forgery in the Jenkins URLTrigger Plugin (0.41 and earlier). The vulnerability arises in URLTrigger.java, allowing users with Overall/Read access to induce Jenkins to issue an unauthenticated GET to an attacker-controlled URL. Impact is mis...