12 matches found

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-3017

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.00857
Exploits 0 · References 4

OSV
added 2022/07/28 12:0 a.m. · 31 views

GHSA-W8GX-4R6W-3RX9 Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...

CVSS 4.3 · AI score 4.7 · EPSS 0.0055
Exploits 0 · References 4

OSV
added 2022/07/27 3:15 p.m. · 3 views

CVE-2022-36915

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...

CVSS 4.3 · AI score 5.8 · EPSS 0.0055
Exploits 0 · References 2

Positive Technologies
added 2022/07/27 12:0 a.m. · 4 views

PT-2022-5836 · Jenkins · Jenkins Android Signing Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Android Signing Plugin versions 2.2.5 and earlier. Description: The issue is related to a lack of permission check in a method implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or...

CVSS 4.3 · AI score 4.1 · EPSS 0.0055
Exploits 0 · References 8

Positive Technologies
added 2022/07/27 12:0 a.m. · 3 views

PT-2022-4041 · Jenkins · Jenkins Rpmsign-Plugin Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins rpmsign-plugin Plugin versions 0.5.0 and earlier. Description: The issue is related to insufficient authorization procedures in the Jenkins rpmsign-plugin Plugin, allowing remote attackers with Item/Read permission but without...

CVSS 4.3 · AI score 4.3 · EPSS 0.00561
Exploits 0 · References 9

OSV
added 2022/05/24 7:20 p.m. · 16 views

GHSA-HR8P-76Q8-FXWQ XXE vulnerability in Jenkins Performance Plugin

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...

CVSS 6.5 · AI score 6.3 · EPSS 0.01671
Exploits 0 · References 5

GitHub Security Blog
added 2022/05/24 7:20 p.m. · 20 views

XXE vulnerability in Jenkins OWASP Dependency-Check Plugin

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the...

CVSS 7.1 · AI score 6.6 · EPSS 0.00979
Exploits 0 · References 5 · Affected Software 1

GitHub Security Blog
added 2022/05/24 7:20 p.m. · 18 views

XXE vulnerability in Jenkins Performance Plugin

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...

CVSS 6.5 · AI score 6.2 · EPSS 0.01671
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/05/24 5:44 p.m. · 22 views

GHSA-7J3X-XM4J-JFJ7 Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

CVSS 4.3 · AI score 4.7 · EPSS 0.00857
Exploits 0 · References 4

GitHub Security Blog
added 2022/05/24 5:44 p.m. · 22 views

Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

CVSS 4.3 · AI score 4.9 · EPSS 0.00857
Exploits 0 · References 4 · Affected Software 1

Prion
added 2021/03/18 2:15 p.m. · 19 views

Design/Logic Flaw

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

CVSS 4 · AI score 4.5 · EPSS 0.00857
Exploits 0 · References 2 · Affected Software 1

AlpineLinux
added 2021/03/18 1:35 p.m. · 22 views

CVE-2021-21626

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

CVSS 4.3 · AI score 4.9 · EPSS 0.00857
Exploits 0 · References 2