7 matches found
CVE-2026-57305
A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...
CVE-2026-57295
A cross-site request forgery CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...
Cross-site Request Forgery (CSRF)
org.jenkins-ci.plugins, publish-to-bitbucket is vulnerable to cross-site request forgery CSRF. The vulnerability is due to missing CSRF protection in the plugin configuration endpoints, which allows an attacker to force a victim to connect Jenkins to an attacker-controlled URL using...
CVE-2025-64141
A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
PT-2022-4025 · Jenkins · Jenkins Openshift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: The issue is related to a missing permission check in the plugin, which can be exploited by attackers with Overall/Read permission to connect to an attacker-specified U...
CVE-2022-28136
A cross-site request forgery CSRF vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2022-25194
A cross-site request forgery CSRF vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...