54 matches found
EUVD-2023-2668
Malicious code in bioql PyPI...
EUVD-2022-4597
Malicious code in bioql PyPI...
EUVD-2022-4890
Malicious code in bioql PyPI...
EUVD-2022-3017
Malicious code in bioql PyPI...
EUVD-2022-4673
Malicious code in bioql PyPI...
CVE-2023-46651
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1...
CVE-2020-2280
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code...
CVE-2019-1003007
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...
CVE-2018-1000012
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
GHSA-66HV-FHCM-7XM7 Jenkins Warnings Plugin exposures system-scoped credentials
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are no...
Jenkins Warnings Plugin exposures system-scoped credentials
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are no...
Design/Logic Flaw
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1...
CVE-2023-46651
Affected software: Jenkins Warnings Plugin, version 10.5.0 and earlier (backport fix to 10.4.1). Vulnerability: The plugin does not set the appropriate context for credentials lookup, allowing users with Item/Configure permission to access credentials they are not entitled to. Impact: Potential u...
PT-2023-6484 · Jenkins · Jenkins Warnings Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Plugin versions 10.5.0 and earlier Description: The issue is related to information disclosure, allowing remote attackers to gain unauthorized access to protected information. Specifically, it does not set the appropriate...
SUSE CVE-2018-1000012
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...