
20 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-6345

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00431
Exploits: 0 · References: 4

CNVD
added 2022/07/04 12:0 a.m. · 24 views

Jenkins XebiaLabs XL Release Plugin Licensing Issue Vulnerability (CNVD-2022-58430)

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins XebiaLabs XL Release Plugin...

CVSS 4 · AI score 2.1 · EPSS 0.00582
Exploits: 0 · Affected Software: 1

Github Security Blog
added 2022/07/01 12:1 a.m. · 29 views

Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs

XebiaLabs XL Release Plugin 22.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...

CVSS 4.3 · AI score 6.1 · EPSS 0.00472
Exploits: 0 · References: 3 · Affected Software: 1

ATTACKERKB
added 2022/06/30 6:15 p.m. · 2 views

CVE-2022-34780

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 5.8 · EPSS 0.00431
Exploits: 0 · References: 3

ATTACKERKB
added 2022/06/30 6:15 p.m. · 5 views

CVE-2022-34781

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 5.9 · EPSS 0.00582
Exploits: 0 · References: 3

NVD
added 2022/06/30 6:15 p.m. · 16 views

CVE-2022-34781

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · EPSS 0.00582
Exploits: 0 · References: 1

OSV
added 2022/06/30 6:15 p.m. · 2 views

CVE-2022-34779

A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3 · AI score 5.8 · EPSS 0.00472
Exploits: 0 · References: 1

Prion
added 2022/06/30 6:15 p.m. · 17 views

Information disclosure

A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4 · AI score 4.4 · EPSS 0.00472
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/06/30 5:46 p.m. · 12 views

CVE-2022-34781

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 6.4 · EPSS 0.00582
Exploits: 0 · References: 1

Cvelist
added 2022/06/30 5:46 p.m. · 31 views

CVE-2022-34781

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 6.9 · EPSS 0.00582
Exploits: 0 · References: 1

CVE
added 2022/06/30 5:46 p.m. · 270 views

CVE-2022-34781

The vulnerability CVE-2022-34781 affects Jenkins XebiaLabs XL Release Plugin (version 22.0.0 and earlier). The root cause is missing permission checks, allowing attackers with Overall/Read permission to trigger outbound connections to an attacker-controlled HTTP server using attacker-specified cr...

CVSS 6.5 · AI score 6.5 · EPSS 0.00582
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2022/06/30 5:46 p.m. · 270 views

CVE-2022-34780

CVE-2022-34780 applies to Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier. The vulnerability is a cross-site request forgery (CSRF) that lets an attacker, with access to a credential context, cause Jenkins to connect to an attacker‑specified HTTP server using attacker‑specified credentials...

CVSS 6.5 · AI score 6.6 · EPSS 0.00431
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/06/30 5:46 p.m. · 27 views

CVE-2022-34780

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 7 · EPSS 0.00431
Exploits: 0 · References: 1

AlpineLinux
added 2022/06/30 5:46 p.m. · 36 views

CVE-2022-34780

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 4 · EPSS 0.00431
Exploits: 0 · References: 2

CVE
added 2022/06/30 5:46 p.m. · 269 views

CVE-2022-34779

CVE-2022-34779 affects the Jenkins XebiaLabs XL Release Plugin (versions 22.0.0 and earlier). The root cause is a missing permission check, allowing attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. This credential enumeration could facilitate further abuse wh...

CVSS 4.3 · AI score 4.7 · EPSS 0.00472
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2022/06/30 12:0 a.m. · 1 views

Jenkins XebiaLabs XL Release Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins XebiaLabs XL Release Plugin 22.0....

CVSS 6.5 · AI score 5.5 · EPSS 0.00431
Exploits: 0 · References: 6

CNNVD
added 2022/06/30 12:0 a.m. · 6 views

Jenkins XebiaLabs XL Release Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins XebiaLabs XL Release Plugin...

CVSS 4.3 · AI score 5.7 · EPSS 0.00472
Exploits: 0 · References: 6

Positive Technologies
added 2022/06/30 12:0 a.m. · 2 views

PT-2022-22332 · Xebialabs +1 · Jenkins Xebialabs Xl Release Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Release Plugin versions 22.0.0 and earlier
Description: The issue is related to missing permission checks in the Jenkins XebiaLabs XL Release Plugin, allowing attackers with Overall/Read permission to connect to an...

CVSS 6.5 · AI score 6.2 · EPSS 0.00582
Exploits: 0 · References: 7

Positive Technologies
added 2022/06/30 12:0 a.m. · 3 views

PT-2022-22331 · Xebialabs +1 · Jenkins Xebialabs Xl Release Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Release Plugin versions 22.0.0 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained...

CVSS 6.5 · AI score 6.4 · EPSS 0.00431
Exploits: 0 · References: 8

Positive Technologies
added 2022/06/30 12:0 a.m. · 6 views

PT-2022-22330 · Xebialabs +1 · Xebialabs Xl Release Plugin +1

Name of the Vulnerable Software and Affected Versions: XebiaLabs XL Release Plugin versions 22.0.0 and earlier
Description: A missing permission check in the XebiaLabs XL Release Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Th...

CVSS 4.3 · AI score 4.6 · EPSS 0.00472
Exploits: 0 · References: 7