Skip to main content

Bazaar

2 CVEs product

Monthly

CVE-2023-39156 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Bazaar
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2017-14176 PyPI HIGH PATCH GHSA This Week

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Ubuntu Linux Bazaar
NVD
CVSS 3.0
8.8
EPSS
1.8%
EPSS 0% CVSS 5.3
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Bazaar
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Ubuntu Linux +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy