Lucene search
+L

186 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:8 a.m.13 views

CVE-2019-10331

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.6AI score0.01058EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 9:31 p.m.8 views

GHSA-5W52-96JJ-FV59 Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS6.7AI score0.00224EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/05/14 8:35 p.m.9 views

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

6.8AI score0.00224EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/05/14 8:35 p.m.4 views

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS7.2AI score0.00224EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/05/14 8:35 p.m.5 views

CVE-2025-47887

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/07 5:21 p.m.4 views

CVE-2025-20173

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this...

7.7CVSS6.9AI score0.00736EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.6 views

PT-2024-3819 · Cisco · Cisco Enterprise Chat/Email

Name of the Vulnerable Software and Affected Versions: Cisco Enterprise Chat and Email ECE affected versions not specified Description: A vulnerability in the web UI of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack...

5.5CVSS6.2AI score0.00373EPSS
Exploits0References3
OSV
OSV
added 2023/09/06 1:15 p.m.3 views

CVE-2023-41946

A cross-site request forgery CSRF vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified...

3.5CVSS5.7AI score0.00271EPSS
Exploits0References2
OSV
OSV
added 2023/09/06 1:15 p.m.6 views

CVE-2023-41947

A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials...

4.3CVSS5.8AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2023/08/21 11:15 p.m.8 views

CVE-2023-4302

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS5.8AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2023/07/12 4:15 p.m.6 views

CVE-2023-37955

A cross-site request forgery CSRF vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

6.5CVSS5.7AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 2023/05/16 4:15 p.m.5 views

CVE-2023-32978

A cross-site request forgery CSRF vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

4.3CVSS5.7AI score0.003EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/16 4:0 p.m.11 views

CVE-2023-32987

A cross-site request forgery CSRF vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

7.1AI score0.0045EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/23 11:26 a.m.8 views

CVE-2023-28675

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

4.4AI score0.00425EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.4 views

PT-2023-21896 · Jenkins · Jenkins Octoperf Load Testing Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OctoPerf Load Testing Plugin versions 4.5.2 and earlier Description: A missing permission check in the Jenkins OctoPerf Load Testing Plugin allows attackers to connect to a previously configured Octoperf server using attacker-specifie...

4.3CVSS4.5AI score0.00425EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.5 views

SUSE CVE-2020-2241

A cross-site request forgery CSRF vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials...

8.8CVSS8.4AI score0.00691EPSS
Exploits0References3
OSV
OSV
added 2023/01/26 9:18 p.m.1 views

CVE-2023-24448

A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQPS URL using attacker-specified username and password...

6.5CVSS6.6AI score0.00723EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.2 views

CVE-2023-24453

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS6.6AI score0.00723EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.3 views

CVE-2023-24447

A cross-site request forgery CSRF vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQPS URL using attacker-specified username and password...

8.8CVSS7.2AI score0.00515EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.8 views

PT-2023-19598 · Jenkins · Jenkins Jira Pipeline Steps Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...

6.5CVSS6.2AI score0.00769EPSS
Exploits0References4
Rows per page
Query Builder