106 matches found
CVE-2023-25767
A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...
CVE-2023-25766
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
SUSE CVE-2018-3827
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure formerly elasticsearch-cloud-azure plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged...
CVE-2023-25766
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-25766
CVE-2023-25766 concerns the Jenkins Azure Credentials Plugin (253.v887e0f9e898b and earlier). The root cause is a missing permission check that lets an attacker with Overall/Read access enumerate credential IDs stored in Jenkins. The vulnerability primarily enables information disclosure of crede...
CVE-2023-25768
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
CVE-2023-25767
A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...
Jenkins Plugin Azure Credentials 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-25767
A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...
CVE-2023-25767
CVE-2023-25767 is a CSRF vulnerability affecting Jenkins Azure Credentials Plugin in versions up to 253.v887e0f9e898b and earlier. The Red Hat and OSV entries confirm the flaw permits an attacker to trigger actions that cause the Jenkins client to connect to an attacker-controlled web server, due...
CVE-2023-25768
CVE-2023-25768 : A missing permission check in the Jenkins Azure Credentials Plugin (253.v887e0f9e898b and earlier) allows users with Overall/Read to connect to an attacker-specified web server. Documented impact: limited to integrity impact (I) and no confidentiality/availability impact per sour...
Jenkins Plugin Azure Credentials 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.9 Multiple Vulnerabilities (CloudBees Security Advisory 2023-02-15)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.9. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Synopsys Coverity Plugin allow...
CVE-2023-25766
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-25768
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
CVE-2023-25767
A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...
IBM Robotic Process Automation 安全漏洞
IBM Robotic Process Automation is a robotic process automation product from IBM USA. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation version 21.0.0, version 21.0.1, and version 21.0.2 contains a security...
Elastic Elasticsearch < 6.3.0 Information Exposure Vulnerability (ESA-2018-11)
Elasticsearch is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2020-1978
TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability HA inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in...
Elasticsearch repository-azure information disclosure vulnerability
Elasticsearch is the Netherlands Elasticsearch company based on Lucene built a set of open source distributed RESTful search engine , it is mainly used in cloud computing , and supports the use of JSON via HTTP for data indexing . repository-azure is one of the repository plugin . An information...