110 matches found
Jenkins Plugin GitLab Branch Source Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2024-1424 · Jenkins +1 · Jenkins Gitlab Branch Source Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Branch Source Plugin versions 684.vea fa 7c1e2fe3 and earlier Description: The issue is related to insufficient access control in the Jenkins GitLab Branch Source Plugin. This allows attackers to configure and share a project,...
Jenkins Plugin GitLab Branch Source Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2024-1421 · Jenkins +1 · Jenkins Gitlab Branch Source Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Branch Source Plugin versions 684.vea fa 7c1e2fe3 and earlier Description: The issue is related to a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL. Th...
Jenkins Plugin GitLab Branch Source Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin GitLab...
Jenkins plugins Multiple Vulnerabilities (2024-01-24)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character...
GHSA-73V5-W6FG-2M44 Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. Tuleap Git Branch Source Plugin 3.2.5 requires a token to access the webhook endpoi...
Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. Tuleap Git Branch Source Plugin 3.2.5 requires a token to access the webhook endpoi...
CVE-2022-43421
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...
Design/Logic Flaw
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...
PT-2022-6109 · Jenkins · Jenkins Tuleap Git Branch Source Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Git Branch Source Plugin versions 3.2.4 and earlier Description: The issue is related to a missing permission check in the Jenkins Tuleap Git Branch Source Plugin, allowing unauthenticated attackers to trigger Tuleap projects...
Jenkins Tuleap Git Branch Source Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-43421
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...
CVE-2022-43421
CVE-2022-43421 : In Jenkins, the Tuleap Git Branch Source Plugin (versions 3.2.4 and earlier) contains a missing permission check in the mechanism that triggers Tuleap projects. This allows unauthenticated attackers to trigger projects whose configured repository matches an attacker-specified val...
GHSA-6JP2-HGGX-8J7P Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part...
Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part...
GHSA-9CFQ-V2HM-C3XR Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Additionally, this form validation method did not require POST...
Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Additionally, this form validation method did not require POST...
Jenkins Bitbucket Branch Source Plugin Cross-Site Request Forgery Vulnerability
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins Bitbucket Branch Source Plugin suffers from a cross-site request forgery vulnerability that stems from a WE...
org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2022-20618 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2022-20618 Source advisory: OSV:GHSA-W2MH-6XJ5-F77F...