Lucene search
K

184 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:4 a.m.7 views

CVE-2022-25205

A cross-site request forgery CSRF vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance...

8.8CVSS6.7AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:4 a.m.8 views

CVE-2022-25199

A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

8.8CVSS6.5AI score0.00787EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:42 p.m.2 views

CVE-2022-41249

A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS8.3AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:38 p.m.5 views

CVE-2022-41227

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...

8.8CVSS8.3AI score0.00462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:44 p.m.7 views

CVE-2022-29050

A cross-site request forgery CSRF vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials...

8.8CVSS6.7AI score0.00697EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:40 p.m.5 views

CVE-2022-28137

A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.5AI score0.00714EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:40 p.m.5 views

CVE-2022-28136

A cross-site request forgery CSRF vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

8.8CVSS6.7AI score0.00689EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 p.m.6 views

CVE-2022-25212

A cross-site request forgery CSRF vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...

8.8CVSS6.8AI score0.00684EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:6 p.m.8 views

CVE-2021-42084

An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service...

6.5CVSS6.8AI score0.00898EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:0 p.m.10 views

CVE-2020-2147

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

4.3CVSS6.6AI score0.00811EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:30 p.m.6 views

CVE-2020-2303

A cross-site request forgery CSRF vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials...

4.3CVSS6.8AI score0.00671EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:2 p.m.15 views

CVE-2020-2203

A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs...

4.3CVSS6.7AI score0.00665EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:54 p.m.9 views

CVE-2020-2235

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...

6.5CVSS6.6AI score0.00859EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.24 views

CVE-2019-10462

A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

8.1CVSS6.6AI score0.007EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:21 a.m.8 views

CVE-2019-10441

A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.6AI score0.00665EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:46 a.m.9 views

CVE-2019-10442

A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.6AI score0.00656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:57 a.m.10 views

CVE-2018-1999038

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials...

4.9CVSS6.6AI score0.00483EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:56 a.m.11 views

CVE-2019-0786

An elevation of privilege vulnerability exists in the Microsoft Server Message Block SMB Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'...

9.8CVSS6.7AI score0.06999EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:8 a.m.12 views

CVE-2019-10331

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.6AI score0.01058EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 9:31 p.m.8 views

GHSA-5W52-96JJ-FV59 Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS6.7AI score0.00224EPSS
Exploits0References5
Rows per page
Query Builder