Lucene search
+L

133 matches found

Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.24 views

Cross-Site Request Forgery in Jenkins ThreadFix Plugin

A cross-site request forgery CSRF vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL...

6.5CVSS6.9AI score0.00617EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/24 12:0 a.m.37 views

GHSA-24H8-CPQM-QMF3 Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS8.6AI score0.00503EPSS
Exploits0References3
NVD
NVD
added 2022/06/23 5:15 p.m.15 views

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.5CVSS0.00574EPSS
Exploits0References1
OSV
OSV
added 2022/06/23 5:15 p.m.5 views

CVE-2022-34205

A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

6.5CVSS6.5AI score0.00468EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.3 views

CVE-2022-34205

A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

6.5CVSS6.5AI score0.00468EPSS
Exploits0References2
NVD
NVD
added 2022/06/23 5:15 p.m.43 views

CVE-2022-34207

A cross-site request forgery CSRF vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL...

6.5CVSS0.00468EPSS
Exploits0References1
OSV
OSV
added 2022/06/23 5:15 p.m.5 views

CVE-2022-34207

A cross-site request forgery CSRF vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL...

6.5CVSS6.3AI score0.00468EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/22 2:41 p.m.40 views

CVE-2022-34206

A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL...

6.8AI score0.00525EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/24 5:28 p.m.28 views

CSRF vulnerability in Jenkins ElasTest Plugin

A cross-site request forgery CSRF vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS5AI score0.00679EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:28 p.m.24 views

Missing permission checks in Jenkins ElasTest Plugin

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.5AI score0.00656EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:28 p.m.17 views

GHSA-66RM-WG7M-8PGV CSRF vulnerability in Jenkins ElasTest Plugin

A cross-site request forgery CSRF vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.5AI score0.00679EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.25 views

Jenkins JClouds Plugin missing permission check

Jenkins JClouds Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ...

6.5CVSS6.5AI score0.00974EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2022/05/14 3:13 a.m.13 views

GHSA-26HW-262C-G9GC Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

6.5CVSS6.2AI score0.00988EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.35 views

CSRF vulnerability in Jenkins Subversion Plugin

Subversion Plugin 2.15.3 and earlier does not require POST requests for several form validation methods, resulting in cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow attackers to connect to an attacker-specified URL...

4.3CVSS6.8AI score0.01802EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/03/29 1:15 p.m.18 views

CVE-2022-28136

A cross-site request forgery CSRF vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

8.8CVSS6.7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/03/29 12:30 p.m.17 views

CVE-2022-28136

A cross-site request forgery CSRF vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

6.7AI score0.00689EPSS
Exploits0References2
NVD
NVD
added 2022/03/28 7:15 p.m.17 views

CVE-2022-0283

An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL...

6.1CVSS0.00739EPSS
Exploits0References2
Prion
Prion
added 2022/03/28 7:15 p.m.13 views

Open redirect

An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL...

5.8CVSS6.1AI score0.00739EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/03/16 12:0 a.m.51 views

GHSA-P9GQ-76FJ-4P4P Missing permission checks in Jenkins Release Helper Plugin

A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.7AI score0.00732EPSS
Exploits0References4
NVD
NVD
added 2022/03/15 5:15 p.m.21 views

CVE-2022-27214

A cross-site request forgery CSRF vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS0.00484EPSS
Exploits0References2
Rows per page
Query Builder