186 matches found
PT-2019-11781 · Jenkins · Jenkins Xl Testview Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XL TestView Plugin versions 1.2.0 and earlier Description: A missing permission check in the XLTestView.XLTestDescriptordoTestConnection function allows users with Overall/Read access to connect to an attacker-specified URL using...
PT-2019-11706 · Jenkins · Jenkins Xebialabs Xl Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin affected versions not specified Description: A cross-site request forgery issue in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an...
CVE-2018-1000422
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...
CloudBees Jenkins Confluence Publisher Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Confluence Publisher Plugin is used ...
CloudBees Jenkins Publisher Over CIFS Plugin Privilege Check Vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Publisher Over CIFS Plugin is to use...
ezbounce 1.01.5 - Format String
ezbounce 1.01.5 - Format String // source: https://www.securityfocus.com/bid/8071/info It has been reported that ezbounce is affected by a format string vulnerability. The condition is present in the file "ezbounce/commands.cpp" and can be triggered when session support is enabled. To exploit thi...