Lucene search
K

33 matches found

NVD
NVD
added 2022/02/15 5:15 p.m.15 views

CVE-2022-25201

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS0.00731EPSS
Exploits0References1
OSV
OSV
added 2022/02/15 5:15 p.m.3 views

CVE-2022-25200

A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS7.2AI score0.00544EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.8 views

CVE-2022-25201

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.6AI score0.00731EPSS
Exploits0References2
Prion
Prion
added 2022/02/15 5:15 p.m.12 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8CVSS8.6AI score0.00544EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/15 4:11 p.m.137 views

CVE-2022-25201

CVE-2022-25201 affects Jenkins Checkmarx Plugin (versions 2022.1.2 and earlier). The vulnerability arises from missing permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials ID...

6.5CVSS6.5AI score0.00731EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2022/02/15 4:11 p.m.105 views

CVE-2022-25201

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS4.7AI score0.00731EPSS
Exploits0References1
CVE
CVE
added 2022/02/15 4:11 p.m.153 views

CVE-2022-25200

The CVE-2022-25200 entry concerns Jenkins Checkmarx Plugin (versions 2022.1.2 and earlier). The vulnerability is a CSRF flaw that allows an attacker with Overall/Read permission to cause the plugin to connect to an attacker‑controlled webserver using attacker‑supplied credentials IDs, thereby cap...

8.8CVSS8.6AI score0.00544EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/15 4:11 p.m.27 views

CVE-2022-25200

A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.9AI score0.00544EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2022/02/15 4:11 p.m.67 views

CVE-2022-25200

A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS4.5AI score0.00544EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.9 views

Jenkins 插件权限许可和访问控制问题漏洞

The Jenkins Plugin is a plug-in that provides appropriate functionality for Jenkins. Jenkins Checkmarx Plugin Access Control Error vulnerability. An attacker could use this vulnerability to connect to an attacker-specified Web server via an attacker-specified credential ID to capture credentials...

6.5CVSS5.6AI score0.00731EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.4 views

Jenkins 插件 跨站请求伪造漏洞

Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. Jenkins Checkmarx Plugin cross-site request forgery vulnerability. The vulnerability can be exploited by an attacker to connect to an attacker-specified web server via an attacker-specified credential ID to capture...

8.8CVSS5.4AI score0.00544EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.3 views

PT-2022-17139 · Jenkins · Jenkins Checkmarx Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.1.2 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs, capturing credentials...

8.8CVSS8.5AI score0.00544EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2021/04/22 4:16 p.m.6 views

com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone2 <=4.0.0-milestone4)

io.vertx:vertx-web MAVEN version =4.0.0-milestone2, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone4 and more Source...

8.8CVSS7.2AI score0.0058EPSS
Exploits0
Rows per page
Query Builder