Lucene search
K

9 matches found

NVD
NVD
added 2026/06/24 2:17 p.m.11 views

CVE-2026-57296

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

8.8CVSS0.00595EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 11:25 a.m.37 views

CVE-2026-43571 OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

8.8CVSS0.00386EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 11:25 a.m.7 views

CVE-2026-43571 OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:25 a.m.17 views

CVE-2026-43571

OpenClaw prior to version 2026.4.10 contains a vulnerability where channel setup catalog lookups can resolve workspace plugin shadows before bundled channel plugins, effectively bypassing plugin trust gates during setup-time loading. This trust bypass is due to how workspace plugins are resolved,...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/07 6:15 p.m.7 views

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution through the channel setup process. An attacker can execute arbitrary code by introducing a malicious workspace plugin that claims a bundled channel id, allowi...

8.5CVSS6.5AI score0.00133EPSS
Exploits0References2
CNVD
CNVD
added 2020/10/21 12:0 a.m.4 views

CloudBees Jenkins Copy data to workspace Plugin Arbitrary File Read Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An arbitrary file read...

6.5CVSS6.9AI score0.01704EPSS
Exploits0References1
NVD
NVD
added 2020/09/16 2:15 p.m.16 views

CVE-2020-2275

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller...

6.5CVSS0.01704EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/09/16 1:20 p.m.15 views

CVE-2020-2275

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller...

6.3AI score0.01704EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2019/03/14 3:41 p.m.5 views

com.liferay:com.liferay.gradle.plugins.workspace (>=1.10.12 <=8.0.0) potentially affected by CVE-2018-1324 via com.liferay:com.liferay.portal.tools.bundle.support (>=3.2.7 <=3.7.3)

com.liferay:com.liferay.portal.tools.bundle.support MAVEN version =3.2.7, =1.10.12, =8.0.0 Source cves: CVE-2018-1324 Source advisory: OSV:GHSA-H436-432X-8FVX...

5.5CVSS6.6AI score0.03681EPSS
Exploits0
Rows per page
Query Builder