9 matches found
CVE-2023-35149
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2023-35148
A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...
CVE-2023-35149
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2023-35149
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2023-35149
CVE-2023-35149 concerns Jenkins Digital.ai App Management Publisher Plugin (versions ≤ 2.6). A missing permission check in the plugin’s HTTP endpoints allows attackers with Overall/Read to connect to an attacker‑specified URL and use credentials IDs, leading to credential exposure. The issue also...
CVE-2023-35148
A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2023-35148
CVE-2023-35148 refers to a CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin (version 2.6 and earlier). The core issue is missing permission checks across several HTTP endpoints, allowing an attacker with Overall/Read permission to cause the controller to connect to an atta...
Jenkins Plugin Digital.ai App Management Publisher 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...