12 matches found
EUVD-2022-5346
Malicious code in bioql PyPI...
EUVD-2022-2844
Malicious code in bioql PyPI...
CVE-2019-10386
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...
GHSA-6Q4P-JRJV-44GF Cross-site request forgery vulnerability in Jenkins XL TestView Plugin
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...
CVE-2019-10386
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...
CVE-2019-10386
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...
CVE-2019-10387
A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...
CVE-2019-10387
A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
CVE-2019-10387
CVE-2019-10387 affects Jenkins XL TestView Plugin versions 1.2.0 and earlier. The root cause is a missing permission check in XLTestView.XLTestDescriptor#doTestConnection, enabling users with Overall/Read access to connect to an attacker-controlled URL using attacker-supplied credentials IDs and ...
CVE-2019-10386
The CVE-2019-10386 entry concerns Jenkins XL TestView Plugin (versions 1.2.0 and earlier). The issue is a cross-site request forgery in XLTestView.XLTestDescriptor#doTestConnection that allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credenti...
PT-2019-11780 · Jenkins · Jenkins Xl Testview Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XL TestView Plugin versions 1.2.0 and earlier Description: A cross-site request forgery issue allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturin...