12 matches found
EUVD-2022-2355
Malicious code in bioql PyPI...
EUVD-2022-3026
Malicious code in bioql PyPI...
CVE-2019-1003060
Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin
Jenkins sets the Content-Security-Policy header on static files served by Jenkins (specifically by DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts. ZAP Pipeline Plugin prior to 1.10 globally disables the Content-Security-Policy header for static files served by Jenkin...
GHSA-7JX8-244G-JFPX Jenkins OWASP ZAP Plugin stores unencrypted credentials
Jenkins Official OWASP ZAP Plugin stores Jira credentials unencrypted in its global configuration file org.jenkinsci.plugins.zap.ZAPBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
CloudBees Jenkins Official OWASP ZAP Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks. Official OWASP ZAP Plugin is used in one of the automatic scanning tool for...
Design/Logic Flaw
Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003060
Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003060
Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003060
CVE-2019-1003060 affects the Jenkins Official OWASP ZAP Plugin. The issue is that credentials are stored in plaintext in the plugin’s global configuration file (org.jenkinsci.plugins.zap.ZAPBuilder.xml) on the Jenkins controller/master, allowing any user with access to the master filesystem to vi...
Faraday v3.3 - Collaborative Penetration Test and Vulnerability Management Platform
Here are the main new features and improvements in Faraday v3.3: Workspace archive: You are now able to make the whole workspace read-only and archive it for future use. This allows you to clear the clutter from all your ongoing projects while giving you the opportunity to continue with your work later ...
Retire.Js - Scanner Detecting The Use Of JavaScript Libraries With Known Vulnerabilities
What you require you must also retire. There is a plethora of JavaScript libraries for use on the Web and in Node.JS apps out there. This greatly simplifies development, but we need to stay up-to-date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10...