21 matches found
EUVD-2022-3383
Malicious code in bioql PyPI...
EUVD-2022-5840
Malicious code in bioql PyPI...
CVE-2020-2245
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2246
Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents...
SUSE CVE-2020-2246
Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents...
SUSE CVE-2020-2245
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Stored XSS vulnerability in Jenkins Valgrind Plugin
Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents...
XXE vulnerability in Jenkins Valgrind Plugin
Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the Valgrind plugin parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the...
CloudBees Jenkins XXE Vulnerability (CNVD-2020-50958)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. An XXE vulnerability exists in...
CloudBees Jenkins XSS Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor continuous software release/test projects and to run scheduled tasks. LTS is a long-term support CloudBees Jenkins version...
CVE-2020-2246
Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents...
CVE-2020-2245
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2245
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
XXE
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Cross site scripting
Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents...
CVE-2020-2246
Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents...
CVE-2020-2245
CVE-2020-2245 affects Jenkins Valgrind Plugin 0.28 and earlier. The root cause is an XML parser not configured to disable external entities, enabling XXE attacks. In-the-wild impact described in a GHSA advisory includes the possibility of parsing crafted input to exfiltrate secrets or trigger SSR...
CVE-2020-2246
CVE-2020-2246 affects Jenkins Valgrind Plugin 0.28 and earlier. The vulnerability arises because the plugin does not escape content in Valgrind XML reports, enabling stored cross-site scripting (XSS) if an attacker can control the Valgrind report contents. Connected sources corroborate the same d...
CVE-2020-2245
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
PT-2020-15468 · Jenkins · Jenkins Valgrind Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Valgrind Plugin versions 0.28 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not properly escape content in Valgrind XML reports. This allows attacke...