Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability

Jenkins Oracle Cloud Infrastructure Compute Classic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified username and password...

CloudBees Jenkins Oracle Cloud Infrastructure Compute Classic plugin cross-site request forgery vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed execution of the task.Oracle Cloud Infrastructure...

Unspecified Vulnerability in CloudBees Jenkins Oracle Cloud Infrastructure Compute Classic Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed execution of the task.Oracle Cloud Infrastructure...

CVE-2019-10457

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2019-10456

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

Design/Logic Flaw

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2019-10456

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2019-10456

CVE-2019-10456 is a CSRF vulnerability in the Jenkins Oracle Cloud Infrastructure Compute Classic Plugin. The issue arises because a method implementing form validation lacks proper permission checks, allowing users with Overall/Read access to initiate a connection test to an attacker‑specified U...

CVE-2019-10457

CVE-2019-10457 : The Jenkins Oracle Cloud Infrastructure Compute Classic Plugin has a missing permission check that allows attackers with Overall/Read to trigger connections to an attacker-specified URL using attacker-specified credentials. Affected component: Jenkins plugin for Oracle Cloud Infr...

PT-2019-11850 · Jenkins · Jenkins Oracle Cloud Infrastructure Compute Classic Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Oracle Cloud Infrastructure Compute Classic Plugin affected versions not specified Description: A cross-site request forgery issue exists, allowing attackers to connect to a specified URL using specified credentials. The plugin does n...