149 matches found
CVE-2022-25195
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2022-25194
A cross-site request forgery CSRF vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...
CVE-2022-25195
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2022-25194
A cross-site request forgery CSRF vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...
Jenkins 插件权限许可和访问控制问题漏洞
Jenkins plug-ins are plug-ins that provide functionality for Jenkins. Jenkins Chef Sinatra Plugin Access Control Error Vulnerability. An attacker could use this vulnerability to allow Jenkins to send HTTP requests to an attacker-controlled URL and have it parse an XML response...
PT-2022-17134 · Jenkins · Jenkins Autonomiq Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins autonomiq Plugin versions 1.15 and earlier Description: A cross-site request forgery CSRF vulnerability exists due to the lack of permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to ...
CVE-2022-0110
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2022-20619
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Opmantek Open-AudIT 跨站脚本漏洞
Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. A cross-site scripting vulnerability exists in Opmantek Open-AudIT Community version 4.2.0, which stems from th...
CVE-2021-40965
A Cross-Site Request Forgery CSRF vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker...
Jenkins 安全漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An improper privilege checkin...
PT-2021-14680 · Jenkins · Jenkins Team Foundation Server Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Team Foundation Server Plugin versions 5.157.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credential...
jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests.
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CloudBees Jenkins Perfecto Privilege Control Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A privilege control...
PT-2020-15485 · Jenkins · Jenkins Perfecto Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Perfecto Plugin versions 1.17 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials,...
X (Formerly Twitter): Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
Summary: CVSS score: 8.1 / High / CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Embargo notice: Do Not Disclose publicly until https://crbug.com/1083819 is disclosed. Twitter for Android is affected by a UXSS vulnerability due to its configuration of Android WebView and CVE-2020-6506. Vendor...
PT-2020-15323 · Jenkins · Jenkins Pipeline Github Notify Step Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline GitHub Notify Step Plugin versions 1.0.4 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...
PT-2019-14731 · Jenkins · Jenkins Alauda Kubernetes Support Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentia...
PT-2019-11863 · Jenkins · Jenkins Elasticbox Jenkins Kubernetes Ci/Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin affected versions not specified Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using...
PT-2019-11836 · Jenkins · Jenkins Icescrum Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins iceScrum Plugin versions 1.1.5 and earlier Description: A missing permission check in the Jenkins iceScrum Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...