Lucene search
+L

149 matches found

OSV
OSV
added 2022/02/15 5:15 p.m.4 views

CVE-2022-25195

A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS5.8AI score0.0055EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.6 views

CVE-2022-25194

A cross-site request forgery CSRF vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...

8.8CVSS7.2AI score0.00527EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.13 views

CVE-2022-25195

A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS5.8AI score0.0055EPSS
Exploits0References2
OSV
OSV
added 2022/02/15 5:15 p.m.4 views

CVE-2022-25194

A cross-site request forgery CSRF vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...

8.8CVSS5.7AI score0.00527EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.6 views

Jenkins 插件权限许可和访问控制问题漏洞

Jenkins plug-ins are plug-ins that provide functionality for Jenkins. Jenkins Chef Sinatra Plugin Access Control Error Vulnerability. An attacker could use this vulnerability to allow Jenkins to send HTTP requests to an attacker-controlled URL and have it parse an XML response...

8.8CVSS5.7AI score0.01097EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.12 views

PT-2022-17134 · Jenkins · Jenkins Autonomiq Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins autonomiq Plugin versions 1.15 and earlier Description: A cross-site request forgery CSRF vulnerability exists due to the lack of permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to ...

8.8CVSS8.5AI score0.00527EPSS
Exploits0References5
OSV
OSV
added 2022/02/12 12:15 a.m.6 views

CVE-2022-0110

Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

4.3CVSS8.3AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/01/12 8:15 p.m.5 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS7AI score0.00655EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/20 12:0 a.m.5 views

Opmantek Open-AudIT 跨站脚本漏洞

Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. A cross-site scripting vulnerability exists in Opmantek Open-AudIT Community version 4.2.0, which stems from th...

6.1CVSS6AI score0.03709EPSS
Exploits4References7
OSV
OSV
added 2021/09/15 6:15 p.m.5 views

CVE-2021-40965

A Cross-Site Request Forgery CSRF vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker...

8.8CVSS7.3AI score0.00596EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/04/07 12:0 a.m.6 views

Jenkins 安全漏洞

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An improper privilege checkin...

6.5CVSS5.8AI score0.01183EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/03/30 12:0 a.m.3 views

PT-2021-14680 · Jenkins · Jenkins Team Foundation Server Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Team Foundation Server Plugin versions 5.157.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credential...

6.5CVSS6.2AI score0.00972EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/10/27 2:53 p.m.8 views

jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests.

A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

4.3CVSS5.8AI score0.00849EPSS
Exploits0References6
CNVD
CNVD
added 2020/09/17 12:0 a.m.4 views

CloudBees Jenkins Perfecto Privilege Control Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A privilege control...

4.3CVSS7.1AI score0.00656EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.6 views

PT-2020-15485 · Jenkins · Jenkins Perfecto Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Perfecto Plugin versions 1.17 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials,...

4.3CVSS4.4AI score0.00656EPSS
Exploits0References6
Hacker One
Hacker One
added 2020/06/23 10:2 p.m.36 views

X (Formerly Twitter): Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506

Summary: CVSS score: 8.1 / High / CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Embargo notice: Do Not Disclose publicly until https://crbug.com/1083819 is disclosed. Twitter for Android is affected by a UXSS vulnerability due to its configuration of Android WebView and CVE-2020-6506. Vendor...

4.3CVSS8.4AI score0.03819EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/02/12 12:0 a.m.8 views

PT-2020-15323 · Jenkins · Jenkins Pipeline Github Notify Step Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline GitHub Notify Step Plugin versions 1.0.4 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...

8.8CVSS8.5AI score0.00678EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2019/12/17 12:0 a.m.8 views

PT-2019-14731 · Jenkins · Jenkins Alauda Kubernetes Support Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentia...

6.5CVSS6.3AI score0.00852EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/10/23 12:0 a.m.9 views

PT-2019-11863 · Jenkins · Jenkins Elasticbox Jenkins Kubernetes Ci/Cd Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin affected versions not specified Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using...

6.5CVSS6.2AI score0.00836EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2019/10/16 12:0 a.m.6 views

PT-2019-11836 · Jenkins · Jenkins Icescrum Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins iceScrum Plugin versions 1.1.5 and earlier Description: A missing permission check in the Jenkins iceScrum Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...

4.3CVSS4.4AI score0.00656EPSS
Exploits0References7
Rows per page
Query Builder