38 matches found
EUVD-2022-4004
Malicious code in bioql PyPI...
CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2019-10305
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10304
A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server...
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2021-49068)
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins XebiaLabs XL Deploy Plugin suffers from a cross-site request forgery vulnerability that stems from a...
CVE-2021-21663
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2021-21664
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
Information disclosure
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
Default credentials
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2021-21665
CVE-2021-21665 is a CSRF vulnerability in the Jenkins XebiaLabs XL Deploy Plugin (versions 10.0.1 and earlier). The issue allows an attacker to have the Jenkins server connect to an attacker-controlled URL using attacker-selected credential IDs, which can result in leakage of stored credentials (...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2021-21663
CVE-2021-21663 affects the Jenkins XebiaLabs XL Deploy Plugin