33 matches found
CVE-2022-25201
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-25200
A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-25201
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-25201
CVE-2022-25201 affects Jenkins Checkmarx Plugin (versions 2022.1.2 and earlier). The vulnerability arises from missing permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials ID...
CVE-2022-25201
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-25200
The CVE-2022-25200 entry concerns Jenkins Checkmarx Plugin (versions 2022.1.2 and earlier). The vulnerability is a CSRF flaw that allows an attacker with Overall/Read permission to cause the plugin to connect to an attacker‑controlled webserver using attacker‑supplied credentials IDs, thereby cap...
CVE-2022-25200
A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-25200
A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins 插件权限许可和访问控制问题漏洞
The Jenkins Plugin is a plug-in that provides appropriate functionality for Jenkins. Jenkins Checkmarx Plugin Access Control Error vulnerability. An attacker could use this vulnerability to connect to an attacker-specified Web server via an attacker-specified credential ID to capture credentials...
Jenkins 插件 跨站请求伪造漏洞
Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. Jenkins Checkmarx Plugin cross-site request forgery vulnerability. The vulnerability can be exploited by an attacker to connect to an attacker-specified web server via an attacker-specified credential ID to capture...
PT-2022-17139 · Jenkins · Jenkins Checkmarx Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.1.2 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs, capturing credentials...
com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone2 <=4.0.0-milestone4)
io.vertx:vertx-web MAVEN version =4.0.0-milestone2, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone4 and more Source...