Lucene search
K

49 matches found

NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.13 views

CVE-2026-57306

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS0.0011EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.4 views

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS5.8AI score0.0014EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.17 views

CVE-2026-57306

Jenkins Zowe zDevOps Plugin

4.2CVSS5.8AI score0.0011EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.47 views

CVE-2026-57306

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

0.0011EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.10 views

CVE-2026-57307

CVE-2026-57307 describes a vulnerability in the Jenkins Zowe zDevOps Plugin (1.1.3.50.ve350c9b_450b_1 and earlier) where a missing permission check allows users with Overall/Read to initiate connections to attacker-specified URLs using attacker-specified credentials IDs. This can lead to credenti...

4.2CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.36 views

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

0.0014EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57306

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS5.8AI score0.0011EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.9 views

EUVD-2026-38787

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS5.8AI score0.0011EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.8 views

EUVD-2026-38788

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS5.8AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2350

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00141EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-47903

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0909

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00255EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-47844

Malicious code in bioql PyPI...

9CVSS6.6AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:48 a.m.7 views

CVE-2024-6833

A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...

5.9CVSS6.7AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:27 a.m.6 views

CVE-2024-6916

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...

5.9CVSS6.6AI score0.00139EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/10 12:0 a.m.6 views

API Mediation Layer 安全漏洞

API Mediation Layer is a Zowe open source API mediation layer. It provides a single point of access to the mainframe services REST API. A security vulnerability exists in API Mediation Layer. An attacker exploiting this vulnerability could check whether a service is running...

5.3CVSS6.6AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.9 views

PT-2024-39845 · Zowe · Zowe

Name of the Vulnerable Software and Affected Versions: Zowe versions 1.0.0 through 1.28.8 Zowe versions 2.0.0 through 2.18.0 Description: The health endpoint is public, allowing everybody to see a list of all services, which is potentially valuable information for attackers. Recommendations: For...

9CVSS7AI score0.00228EPSS
Exploits0References11
NVD
NVD
added 2024/07/19 11:15 a.m.23 views

CVE-2024-6916

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...

5.9CVSS0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/19 10:47 a.m.8 views

CVE-2024-6916 Zowe CLI --show-inputs-only displays securely stored properties

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...

5.9CVSS6.5AI score0.00139EPSS
Exploits0References1
Rows per page
Query Builder