133 matches found
Cross-Site Request Forgery in Jenkins ThreadFix Plugin
A cross-site request forgery CSRF vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL...
GHSA-24H8-CPQM-QMF3 Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-34201
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2022-34205
A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...
CVE-2022-34205
A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...
CVE-2022-34207
A cross-site request forgery CSRF vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-34207
A cross-site request forgery CSRF vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-34206
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL...
CSRF vulnerability in Jenkins ElasTest Plugin
A cross-site request forgery CSRF vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
Missing permission checks in Jenkins ElasTest Plugin
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
GHSA-66RM-WG7M-8PGV CSRF vulnerability in Jenkins ElasTest Plugin
A cross-site request forgery CSRF vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
Jenkins JClouds Plugin missing permission check
Jenkins JClouds Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ...
GHSA-26HW-262C-G9GC Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...
CSRF vulnerability in Jenkins Subversion Plugin
Subversion Plugin 2.15.3 and earlier does not require POST requests for several form validation methods, resulting in cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow attackers to connect to an attacker-specified URL...
CVE-2022-28136
A cross-site request forgery CSRF vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2022-28136
A cross-site request forgery CSRF vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2022-0283
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL...
Open redirect
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL...
GHSA-P9GQ-76FJ-4P4P Missing permission checks in Jenkins Release Helper Plugin
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2022-27214
A cross-site request forgery CSRF vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...