Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift pipeline vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3361
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a K...
Opendatahub Open Data Hub Dashboard
Redhat Openshift Data Science -
NA
CVE-2023-32977
Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
Jenkins Pipeline\\ Job
NA
CVE-2023-32981
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and previous versions allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
Jenkins Pipeline Utility Steps
NA
CVE-2023-25762
Jenkins Pipeline: Build Step Plugin 2.18 and previous versions does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
Jenkins Pipeline\\ Build Step
NA
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and previous versions does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to c...
Jenkins Pipeline Utility Steps
NA
CVE-2022-43408
Jenkins Pipeline: Stage View Plugin 2.26 and previous versions does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resu...
Jenkins Pipeline\\ Stage View
NA
CVE-2022-43409
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and previous versions does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create ...
Jenkins Pipeline\\ Supporting Apis
NA
CVE-2022-43402
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to b...
Jenkins Pipeline\\ Groovy
NA
CVE-2022-43405
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protect...
Jenkins Groovy Libraries
NA
CVE-2022-43406
A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sand...
Jenkins Groovy Libraries
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »