12 matches found
EUVD-2022-3017
Malicious code in bioql PyPI...
GHSA-W8GX-4R6W-3RX9 Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation
Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...
CVE-2022-36915
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...
PT-2022-5836 · Jenkins · Jenkins Android Signing Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Android Signing Plugin versions 2.2.5 and earlier Description: The issue is related to a lack of permission check in a method implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or...
PT-2022-4041 · Jenkins · Jenkins Rpmsign-Plugin Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins rpmsign-plugin Plugin versions 0.5.0 and earlier Description: The issue is related to insufficient authorization procedures in the Jenkins rpmsign-plugin Plugin, allowing remote attackers with Item/Read permission but without...
GHSA-HR8P-76Q8-FXWQ XXE vulnerability in Jenkins Performance Plugin
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...
XXE vulnerability in Jenkins OWASP Dependency-Check Plugin
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the...
XXE vulnerability in Jenkins Performance Plugin
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...
GHSA-7J3X-XM4J-JFJ7 Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...
Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...
Design/Logic Flaw
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...
CVE-2021-21626
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...