Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2023/07/04 5:17 a.m.19 views

CVE-2023-35149

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...

4.2CVSS6.6AI score0.00658EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/07/04 5:17 a.m.15 views

CVE-2023-35148

A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...

4.2CVSS6.7AI score0.00452EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/06/16 12:0 a.m.48 views

Jenkins plugins Multiple Vulnerabilities (2023-06-14)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...

8.1CVSS6.2AI score0.0083EPSS
Exploits0References11
OSV
OSV
added 2023/06/14 1:15 p.m.2 views

CVE-2023-35149

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...

6.5CVSS5.8AI score0.00658EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/14 12:53 p.m.36 views

CVE-2023-35149

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...

6.8AI score0.00658EPSS
Exploits0References2
CVE
CVE
added 2023/06/14 12:53 p.m.67 views

CVE-2023-35149

CVE-2023-35149 concerns Jenkins Digital.ai App Management Publisher Plugin (versions ≤ 2.6). A missing permission check in the plugin’s HTTP endpoints allows attackers with Overall/Read to connect to an attacker‑specified URL and use credentials IDs, leading to credential exposure. The issue also...

6.5CVSS6.2AI score0.00658EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/06/14 12:53 p.m.46 views

CVE-2023-35148

A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...

7AI score0.00452EPSS
Exploits0References2
CVE
CVE
added 2023/06/14 12:53 p.m.73 views

CVE-2023-35148

CVE-2023-35148 refers to a CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin (version 2.6 and earlier). The core issue is missing permission checks across several HTTP endpoints, allowing an attacker with Overall/Read permission to cause the controller to connect to an atta...

6.5CVSS6.3AI score0.00452EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.3 views

Jenkins Plugin Digital.ai App Management Publisher 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS5.9AI score0.00452EPSS
Exploits0References3
Rows per page
Query Builder