95 matches found
EUVD-2022-6281
Malicious code in bioql PyPI...
EUVD-2022-2299
Malicious code in bioql PyPI...
EUVD-2022-4397
Malicious code in bioql PyPI...
EUVD-2022-6345
Malicious code in bioql PyPI...
EUVD-2022-4004
Malicious code in bioql PyPI...
Malicious code in xebialabs (npm)
The package xebialabs was found to contain malicious code...
MAL-2025-39602 Malicious code in xebialabs (npm)
The package xebialabs was found to contain malicious code...
CVE-2022-34779
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-34780
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2019-10305
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10304
A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server...
Jenkins plugins Multiple Vulnerabilities (2022-06-30)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulti...
Jenkins XebiaLabs XL Release Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins XebiaLabs XL Release Plugin 22.0....
Jenkins XebiaLabs XL Release Plugin Licensing Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins XebiaLabs XL Release Plugin...
Jenkins XebiaLabs XL Release Plugin Licensing Issue Vulnerability (CNVD-2022-58430)
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins XebiaLabs XL Release Plugin...
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs
XebiaLabs XL Release Plugin 22.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
XebiaLabs XL Release Plugin 22.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method,...
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...