Lucene search
+L

133 matches found

Cvelist
Cvelist
added 2025/05/14 8:35 p.m.32 views

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

0.00224EPSS
Exploits0References1
CVE
CVE
added 2025/05/14 8:35 p.m.51 views

CVE-2025-47887

CVE-2025-47887 concerns the Jenkins Cadence vManager Plugin. The root cause is missing permission checks in form validation methods, enabling attackers with Overall/Read to make the plugin connect to an attacker-specified URL using attacker-specified credentials. This also implies a CSRF risk sin...

4.3CVSS6.9AI score0.00292EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/24 6:31 p.m.38 views

CSRF vulnerability in Jenkins GitLab Branch Source Plugin

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL. GitLab Branch Source Plugin...

4.3CVSS4.4AI score0.00323EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2024/01/24 6:15 p.m.17 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS6.8AI score0.00323EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/24 5:52 p.m.8 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

6.9AI score0.00323EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/01/24 5:52 p.m.66 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS7AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/24 5:52 p.m.39 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

5.2AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/13 5:30 p.m.35 views

CVE-2023-50778

A cross-site request forgery CSRF vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token...

8.9AI score0.00414EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/08/21 10:34 p.m.34 views

CVE-2023-4301

A cross-site request forgery CSRF vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.4CVSS6.8AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2023/07/12 4:15 p.m.18 views

CVE-2023-37955

A cross-site request forgery CSRF vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

6.5CVSS0.00446EPSS
Exploits0References2
Prion
Prion
added 2023/07/12 4:15 p.m.15 views

Design/Logic Flaw

A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4CVSS6.3AI score0.0062EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/12 4:15 p.m.18 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL...

6.8CVSS8.7AI score0.00545EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/12 3:53 p.m.17 views

CVE-2023-37963

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...

6.6AI score0.00502EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/14 12:53 p.m.27 views

CVE-2023-35149

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...

6.3AI score0.00658EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.3 views

PT-2023-25168 · Digital.Ai +1 · Jenkins Digital.Ai App Management Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Digital.ai App Management Publisher Plugin versions 2.6 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials...

6.5CVSS6.3AI score0.00658EPSS
Exploits0References7
OSV
OSV
added 2023/05/16 7:15 p.m.8 views

CVE-2023-2195

A cross-site request forgery CSRF vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

3.5CVSS5.8AI score0.00411EPSS
Exploits0References1
Prion
Prion
added 2023/05/16 7:15 p.m.18 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

3.5CVSS4.1AI score0.00411EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2023/05/16 6:2 p.m.40 views

CVE-2023-2195

A cross-site request forgery CSRF vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS7AI score0.00411EPSS
Exploits0References1
OSV
OSV
added 2023/05/16 5:15 p.m.4 views

CVE-2023-32998

A cross-site request forgery CSRF vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

8.8CVSS7.3AI score0.00502EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.5 views

Jenkins Code Dx Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.0039EPSS
Exploits0References4
Rows per page
Query Builder