Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift pipeline vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-3361
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a K...
Opendatahub Open Data Hub Dashboard
Redhat Openshift Data Science -
8.8
CVSSv3
CVE-2023-32981
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and previous versions allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
Jenkins Pipeline Utility Steps
5.4
CVSSv3
CVE-2023-32977
Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
Jenkins Pipeline\\ Job
5.4
CVSSv3
CVE-2023-25762
Jenkins Pipeline: Build Step Plugin 2.18 and previous versions does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
Jenkins Pipeline\\ Build Step
8.1
CVSSv3
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and previous versions does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to c...
Jenkins Pipeline Utility Steps
9.9
CVSSv3
CVE-2022-43402
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to b...
Jenkins Pipeline\\ Groovy
9.9
CVSSv3
CVE-2022-43405
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protect...
Jenkins Groovy Libraries
9.9
CVSSv3
CVE-2022-43406
A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sand...
Jenkins Groovy Libraries
8.8
CVSSv3
CVE-2022-43407
Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and previous versions does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort)...
Jenkins Pipeline\\ Input Step
6.5
CVSSv3
CVE-2022-43408
Jenkins Pipeline: Stage View Plugin 2.26 and previous versions does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resu...
Jenkins Pipeline\\ Stage View
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »