28 matches found
EUVD-2023-1302
Malicious code in bioql PyPI...
EUVD-2023-1497
Malicious code in bioql PyPI...
EUVD-2023-1374
Malicious code in bioql PyPI...
CVE-2023-33006
A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-30527
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2023-30528
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2025-47889
In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers that use this security realm with any username and any password, including usernames that do not exist...
Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials
In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers that use this security realm with any username and any password, including usernames that do not exist...
CVE-2025-47889
CVE-2025-47889 affects Jenkins WSO2 Oauth Plugin 1.0 and earlier. The root cause is that authentication claims are accepted without validation by the WSO2 Oauth security realm, enabling unauthenticated logins with any username/password (including non-existent usernames). This can grant accessed c...
PT-2025-21242 · Jenkins · Jenkins Wso2 Oauth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier Description: The issue allows unauthenticated attackers to log in to controllers using the "WSO2 Oauth" security realm with any username and any password, including usernames that do not exis...
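The entries above describe a security realm that returns a logged-in user without checking what the identity provider actually asserted. The following is an added example, not the plugin's code and not WSO2's behaviour: a constructed model of an OAuth-backed realm whose `vulnerable_authenticate` ignores the IdP response entirely (so any username and password log in, including users the IdP has never heard of), beside a hardened version that requires a token and validates its signature, algorithm, issuer, audience, expiry and subject before trusting it. The IdP URL, client id, HMAC key and the single account `alice` are assumptions constructed for the example.

```python
"""Constructed model of an OAuth-backed security realm that accepts
authentication claims without validating them, beside a hardened one.
Not the plugin's code; the IdP, key and account are assumptions."""
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

IDP_ISSUER = "https://idp.example.test"          # hypothetical IdP
CLIENT_ID = "jenkins-client"                     # hypothetical client id
IDP_SIGNING_KEY = b"constructed-hs256-key"       # constructed shared HMAC key
IDP_ACCOUNTS = {"alice": "correct horse battery staple"}  # the only real user


@dataclass
class User:
    username: str


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_password_grant(username: str, password: str) -> Optional[str]:
    """Simulated IdP token endpoint: an HS256-signed token for valid
    credentials, None for anything else."""
    if IDP_ACCOUNTS.get(username) != password:
        return None
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"iss": IDP_ISSUER, "aud": CLIENT_ID,
                               "sub": username,
                               "exp": int(time.time()) + 300}).encode())
    sig = hmac.new(IDP_SIGNING_KEY, f"{header}.{payload}".encode(),
                   hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def decode_without_verifying(token: str) -> User:
    """The failure mode: trust whatever the payload says."""
    claims = json.loads(_unb64(token.split(".")[1]))
    return User(claims["sub"])


def validate_claims(token: str, username: str) -> Optional[User]:
    """Verify signature, algorithm, issuer, audience, expiry, and that the
    asserted subject is the user who is logging in."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    expected = hmac.new(IDP_SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        return None
    header = json.loads(_unb64(header_b64))
    claims = json.loads(_unb64(payload_b64))
    if header.get("alg") != "HS256":
        return None
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != CLIENT_ID:
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= time.time():
        return None
    if claims.get("sub") != username:
        return None
    return User(username)


def vulnerable_authenticate(username: str, password: str) -> Optional[User]:
    """Pattern in the advisory: the IdP's answer is never consulted, so any
    username with any password (even one the IdP has never seen) logs in."""
    idp_password_grant(username, password)   # result discarded
    return User(username)


def hardened_authenticate(username: str, password: str) -> Optional[User]:
    token = idp_password_grant(username, password)
    return None if token is None else validate_claims(token, username)


def forged_token_for(username: str) -> str:
    """Attacker tampering: a genuine token with the subject rewritten and the
    original signature left in place."""
    genuine = idp_password_grant("alice", IDP_ACCOUNTS["alice"])
    header_b64, payload_b64, sig_b64 = genuine.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["sub"] = username
    return f"{header_b64}.{_b64(json.dumps(claims).encode())}.{sig_b64}"
```

The two things to check in any realm of this shape are that a missing or negative IdP response is fatal (not ignored) and that the identity returned comes from the verified claims, not from the submitted form field. `decode_without_verifying` accepts `forged_token_for("ghost")`; `validate_claims` rejects it because the signature no longer covers the payload.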
Session fixation
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-33006
Jenkins WSO2 Oauth Plugin (1.0 and earlier) contains a CSRF vulnerability. The root cause is the plugin not implementing a proper state parameter in the OAuth flow, enabling attackers to trick users into logging in to the attacker’s account. Impact described in multiple sources (CVE-2023-33006) a...
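The CVE-2023-33006 entries above attribute the login CSRF to a missing `state` parameter in the OAuth flow. The following is an added example, not the plugin's code: a constructed model of the authorization-code flow with a client that never binds a state value to the browser session (`vulnerable_*`) beside one that generates a per-attempt state, stores it in the session and requires it back on the callback (`hardened_*`). The simulated IdP, the endpoint path and the account names are assumptions. `login_csrf_attack` plays the attack the advisory describes: the attacker completes the IdP step with their own account and lures a victim who never started a login into the callback URL, so the victim's session ends up logged in as the attacker.

```python
"""Constructed model of login CSRF in an OAuth authorization-code flow: a
client that never binds a state value to the browser session, beside one
that does. Not the plugin's code; IdP and endpoint names are assumptions."""
import secrets
from typing import Callable, Dict, Optional

_ISSUED_CODES: Dict[str, str] = {}   # simulated IdP store: code -> account


def idp_issue_code(account: str) -> str:
    """IdP step: the account logged in at the IdP consents and receives a
    one-time authorization code."""
    code = secrets.token_urlsafe(16)
    _ISSUED_CODES[code] = account
    return code


def idp_exchange_code(code: str) -> Optional[str]:
    """Token endpoint stand-in: redeem the code for the account it belongs to."""
    return _ISSUED_CODES.pop(code, None)


class Session(dict):
    """Server-side session bound to one browser's cookie."""


def vulnerable_begin_login(session: Session) -> Dict[str, str]:
    # No state value is generated, so nothing ties the later callback to this
    # browser's login attempt.
    return {"client_id": "jenkins", "redirect_uri": "/finishLogin"}


def vulnerable_finish_login(session: Session, callback: Dict[str, str]) -> Optional[str]:
    account = idp_exchange_code(callback.get("code", ""))
    if account is not None:
        session["user"] = account
    return account


def hardened_begin_login(session: Session) -> Dict[str, str]:
    state = secrets.token_urlsafe(32)              # unguessable, per attempt
    session["oauth_state"] = state
    return {"client_id": "jenkins", "redirect_uri": "/finishLogin", "state": state}


def hardened_finish_login(session: Session, callback: Dict[str, str]) -> Optional[str]:
    expected = session.pop("oauth_state", None)    # single use
    received = callback.get("state")
    if expected is None or received is None:
        return None
    if not secrets.compare_digest(expected, received):
        return None
    account = idp_exchange_code(callback.get("code", ""))
    if account is not None:
        session["user"] = account
    return account


Begin = Callable[[Session], Dict[str, str]]
Finish = Callable[[Session, Dict[str, str]], Optional[str]]


def legitimate_login(begin: Begin, finish: Finish, account: str) -> Optional[str]:
    """Honest flow: the same browser starts the login and returns from the IdP."""
    session = Session()
    request = begin(session)
    callback = {"code": idp_issue_code(account)}
    if "state" in request:
        callback["state"] = request["state"]
    return finish(session, callback)


def login_csrf_attack(begin: Begin, finish: Finish) -> Optional[str]:
    """The attacker completes the IdP step with their own account, then lures a
    victim whose browser never started a login into the callback URL. Sending
    the attacker's own state does not help: it is not in the victim's session."""
    attacker_session = Session()
    attacker_request = begin(attacker_session)
    callback = {"code": idp_issue_code("attacker")}
    if "state" in attacker_request:
        callback["state"] = attacker_request["state"]
    victim_session = Session()
    return finish(victim_session, callback)
```

The state value only works as a CSRF defence because it is generated per attempt, stored server-side against the victim's own session, compared in constant time and consumed on first use; a fixed or predictable state, or one echoed back from the request, gives no protection.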
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....
Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller as part of its configuration. This client secret can be viewed by users with access to the Jenkins controller file system. Additionally, the global...
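A quick way to find the condition described in CVE-2023-30527 on a controller is to look in config.xml for secret-like elements whose value is not a Jenkins encrypted `Secret`. The following is an added check, not code from the plugin or from Jenkins: it walks a config.xml document and reports any element whose name suggests a credential but whose text does not have the `{base64}` shape that Jenkins' `Secret` type serialises to (that shape is the assumption the check relies on). The sample document, the realm class name and the values in it are constructed for the example.

```python
"""Added check for a Jenkins controller's config.xml: flag values under
secret-like element names that are not stored as an encrypted Secret.
The sample document and the plugin class name in it are constructed."""
import re
import xml.etree.ElementTree as ET
from typing import List, Tuple

# Jenkins' Secret type serialises as base64 ciphertext wrapped in braces,
# e.g. {AQAAABAAAA...}; this pattern is the assumption the check relies on.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")
SENSITIVE_NAME = re.compile(r"secret|password|passwd|token|credential", re.I)

# Constructed sample: one client secret in the clear, one value stored via
# Jenkins' Secret type. Not taken from any real controller.
SAMPLE_CONFIG_XML = """<?xml version='1.0' encoding='UTF-8'?>
<hudson>
  <securityRealm class="org.example.hypothetical.OauthSecurityRealm">
    <clientId>jenkins-client</clientId>
    <clientSecret>s3cr3t-in-the-clear</clientSecret>
    <serverUrl>https://idp.example.test/oauth2</serverUrl>
  </securityRealm>
  <otherPlugin>
    <apiToken>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQtZm9yLWlsbHVzdHJhdGlvbg==}</apiToken>
    <userName>svc-account</userName>
  </otherPlugin>
</hudson>
"""


def looks_encrypted(value: str) -> bool:
    """True when the value has the shape of a Jenkins encrypted Secret."""
    return ENCRYPTED_SECRET.match(value.strip()) is not None


def find_plaintext_secrets(xml_text: str) -> List[Tuple[str, str]]:
    """Return (element path, value) for every secret-like element whose text
    is present and does not look like an encrypted Secret."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings: List[Tuple[str, str]] = []

    def walk(elem: ET.Element, path: str) -> None:
        for child in elem:
            child_path = f"{path}/{child.tag}"
            text = (child.text or "").strip()
            if text and SENSITIVE_NAME.search(child.tag) and not looks_encrypted(text):
                findings.append((child_path, text))
            walk(child, child_path)

    walk(root, root.tag)
    return findings


if __name__ == "__main__":
    for path, value in find_plaintext_secrets(SAMPLE_CONFIG_XML):
        print(f"plaintext secret at {path}: {value[:4]}...")
```

Two caveats when running this against a real controller: the element-name heuristic will miss secrets stored under other names and will flag values that merely contain "token" in their tag, so review the output rather than acting on it blindly; and encryption at rest only raises the bar for readers of config.xml, since anyone with file-system access to the controller can also read the keys under `secrets/` that Jenkins uses to decrypt them, which is why the advisory treats controller file-system access as the relevant attacker position.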