Lucene search
+L

109 matches found

vulnersOsv
vulnersOsv
added 2022/01/13 12:1 a.m.6 views

org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2022-20619 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2022-20619 Source advisory: OSV:GHSA-W4JV-6RG4-PR4M...

7.1CVSS7AI score0.00655EPSS
Exploits0
OSV
OSV
added 2022/01/13 12:1 a.m.24 views

GHSA-W4JV-6RG4-PR4M Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin

Jenkins Bitbucket Branch Source Plugin prior to 746.v350d2781c184, 725.vd9f8be0fa250, 2.9.11.2, and 2.9.7.2 does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This allows attackers with Overall/Read access to connect to an...

7.1CVSS7AI score0.00655EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/01/12 8:15 p.m.5 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS7AI score0.00655EPSS
Exploits0References3
OSV
OSV
added 2022/01/12 8:15 p.m.25 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS6.9AI score
Exploits0References2
NVD
NVD
added 2022/01/12 8:15 p.m.29 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS0.00655EPSS
Exploits0References2
NVD
NVD
added 2022/01/12 8:15 p.m.25 views

CVE-2022-20618

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS0.00852EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/12 8:15 p.m.9 views

CVE-2022-20618

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00852EPSS
Exploits0References3
CVE
CVE
added 2022/01/12 7:5 p.m.140 views

CVE-2022-20619

CVE-2022-20619 applies to Jenkins Bitbucket Branch Source Plugin prior to 737.vdf9dc06105be. It describes a cross-site request forgery (CSRF) vulnerability that lets an attacker cause Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing c...

7.1CVSS6.8AI score0.00655EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/12 7:5 p.m.41 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.6AI score0.00655EPSS
Exploits0References2
CVE
CVE
added 2022/01/12 7:5 p.m.114 views

CVE-2022-20618

The CVE-2022-20618 entry affects Jenkins Bitbucket Branch Source Plugin (versions prior to 737.vdf9dc06105be). The root cause is a missing permission check on multiple HTTP endpoints, which allows attackers with Overall/Read access to enumerate credentials IDs stored in Jenkins. This credential d...

4.3CVSS4.3AI score0.00852EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/12 7:5 p.m.31 views

CVE-2022-20618

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...

5.8AI score0.00852EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.9 views

Jenkins Plugin 跨站请求伪造漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins Bitbucket Branch Source Plugin suffers from a cross-site request forgery vulnerability that stems from a WE...

7.1CVSS5.6AI score0.00655EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/01/12 12:0 a.m.3 views

PT-2022-14826 · Jenkins · Jenkins Bitbucket Branch Source Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Branch Source Plugin versions 737.vdf9dc06105be and earlier Jenkins Bitbucket Branch Source Plugin versions prior to 746.v350d2781c184 Jenkins Bitbucket Branch Source Plugin versions prior to 725.vd9f8be0fa250 Jenkins...

4.3CVSS4.2AI score0.00852EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2022/01/12 12:0 a.m.3 views

PT-2022-14827 · Jenkins · Jenkins Bitbucket Branch Source Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Branch Source Plugin versions prior to 746.v350d2781c184 Jenkins Bitbucket Branch Source Plugin versions prior to 725.vd9f8be0fa250 Jenkins Bitbucket Branch Source Plugin versions prior to 2.9.11.2 Jenkins Bitbucket Branch...

7.1CVSS6.8AI score0.00655EPSS
Exploits0References10
CNVD
CNVD
added 2018/06/07 12:0 a.m.34 views

CloudBees Jenkins GitHub Branch Source Plugin Server-Side Request Forgery Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . GitHub Branch Source Plugin is used in one of the Jenkins used to view, operate the...

4.3CVSS4.9AI score0.00642EPSS
Exploits0References1
NVD
NVD
added 2018/06/05 8:29 p.m.25 views

CVE-2018-1000185

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

4.3CVSS4.5AI score0.00642EPSS
Exploits0References1
OSV
OSV
added 2018/06/05 8:29 p.m.20 views

CVE-2018-1000185

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

4.3CVSS4.9AI score
Exploits0References1
CVE
CVE
added 2018/06/05 8:0 p.m.83 views

CVE-2018-1000185

The CVE-2018-1000185 entry concerns Jenkins GitHub Branch Source Plugin (versions

4.3CVSS4.5AI score0.00642EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/05 8:0 p.m.24 views

CVE-2018-1000185

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

4.5AI score0.00642EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/31 12:0 a.m.5 views

CloudBees GitHub Branch Source plugin enumeration vulnerability

CloudBees GitHub Branch Source plugin is the U.S. CloudBees company's Jenkins Java-based development of continuous integration tools in a GitHub branch plugin . The CloudBees GitHub Branch Source plugin suffers from an enumeration vulnerability that stems from the program failing to detect...

4.3CVSS4.9AI score0.00786EPSS
Exploits0References1
Rows per page
Query Builder