Skip to main content

Koji

5 CVEs product

Monthly

CVE-2019-17109 PyPI MEDIUM PATCH This Month

Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Koji
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-10314 Maven MEDIUM This Month

Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Koji
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2019-10298 Maven HIGH This Week

Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Koji
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-1002150 PyPI CRITICAL PATCH Act Now

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Koji
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2017-1002153 PyPI HIGH PATCH This Week

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Koji
NVD
CVSS 3.1
7.5
EPSS
0.2%
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Koji
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Koji
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Koji
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Koji
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Koji
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy