EUVD-2022-3324

Malicious code in bioql PyPI...

jenkins: Arbitrary file read vulnerability in workspace browsers

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...

jenkins: Excessive memory allocation in graph URLs leads to denial of service

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

Cloudbees Jenkins and LTS Cross-Site Scripting Vulnerability (CNVD-2021-04646)

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . A cross-site scripting...

Cloudbees Jenkins and LTS Authorization Issues Vulnerability (CNVD-2021-04651)

Cloudbees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...

Cloudbees Jenkins Cross-Site Scripting Vulnerability (CNVD-2021-03556)

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Jenkins version 2.274 and before...

Cloudbees Jenkins and LTS Injection Vulnerabilities

Cloudbees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An injection vulnerability...

Jenkins 路径遍历漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . An input validation error...

PT-2021-14651 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier Jenkins LTS versions 2.263.1 and earlier Description: The issue results from the failure to escape button labels in the Jenkins UI, leading to a cross-site scripting XSS vulnerability. This vulnerability can...

Cloudbees Jenkins 跨站脚本漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . A cross-site scripting vulnerabilit...

PT-2021-14652 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier Description: The issue allows attackers without Overall/Read permission to access some URLs as if they had Overall/Read permission due to incorrect matching of requested URL...

Cloudbees Jenkins 输入验证错误漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...

PT-2021-14648 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier Description: The issue allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file. If the global config.xml...

Cloudbees Jenkins 授权问题漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . An authorization issue vulnerabilit...