Lucene search

K

Jenkins CRX Content Package Deployer Plugin Security Vulnerabilities

cve
cve

CVE-2022-34184

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

5.4CVSS

5.2AI Score

0.001EPSS

2022-06-23 05:15 PM
75
4
cve
cve

CVE-2019-10439

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in...

4.3CVSS

4.4AI Score

0.001EPSS

2019-10-16 02:15 PM
40
cve
cve

CVE-2019-10438

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

6.5CVSS

6.3AI Score

0.001EPSS

2019-10-16 02:15 PM
40
cve
cve

CVE-2019-10437

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

8.8CVSS

8.5AI Score

0.001EPSS

2019-10-16 02:15 PM
39