Lucene search
K

91 matches found

Github Security Blog
Github Security Blog
added 2022/03/30 12:0 a.m.25 views

CSRF vulnerability in Proxmox Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...

6.5CVSS6.5AI score0.00523EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/30 12:0 a.m.20 views

GHSA-2MGJ-MWVF-MPG5 Missing permission checks in Jenkins Proxmox Plugin

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

6.5CVSS6.8AI score0.0079EPSS
Exploits0References3
OSV
OSV
added 2022/03/30 12:0 a.m.11 views

GHSA-WJVR-2HJG-6RHJ CSRF vulnerability in Proxmox Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...

6.5CVSS6.9AI score0.00523EPSS
Exploits0References3
NVD
NVD
added 2022/03/29 1:15 p.m.15 views

CVE-2022-28143

A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...

6.5CVSS0.00523EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/29 1:15 p.m.2 views

CVE-2022-28144

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

7.5CVSS5.9AI score0.0079EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/29 1:15 p.m.1 views

CVE-2022-28143

A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...

7.5CVSS5.8AI score0.00642EPSS
Exploits0References3
Prion
Prion
added 2022/03/29 1:15 p.m.20 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...

4CVSS6.6AI score0.00642EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/29 12:31 p.m.34 views

CVE-2022-28144

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

7.2AI score0.0079EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/03/29 12:0 a.m.2 views

PT-2022-18843 · Jenkins · Jenkins Proxmox Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Proxmox Plugin version 0.7.0 and earlier Description: The issue allows attackers with Overall/Read permission to connect to a specified host using a specified username and password, and perform a connection test. This also enables the...

6.5CVSS6.2AI score0.0079EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.6 views

Jenkins Proxmox Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Proxmox Plugin 0.7.0 and earlier...

6.5CVSS5.4AI score0.00523EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/03/15 1:15 a.m.7 views

CVE-2022-0944

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...

9.1CVSS7.4AI score0.08669EPSS
Exploits12References3
Prion
Prion
added 2022/03/15 1:15 a.m.58 views

Sql injection

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...

6.5CVSS7.1AI score0.08669EPSS
Exploits12References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/15 12:0 a.m.4 views

PT-2022-13544 · Sqlpad · Sqlpad

Name of the Vulnerable Software and Affected Versions: sqlpad versions prior to 6.10.1 Description: The issue is related to template injection in the connection test endpoint, which can lead to remote code execution RCE. This problem has been identified in the GitHub repository sqlpad/sqlpad. The...

9.1CVSS9.9AI score0.08669EPSS
Exploits12References14
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.26 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Improper Neutralization of Special Elements Used in an OS Command (CVE-2019-14931)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's...

10CVSS8.9AI score0.5766EPSS
Exploits3References4
Github Security Blog
Github Security Blog
added 2021/06/16 5:28 p.m.57 views

CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not require POST requests for a connection test method, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified...

7.1CVSS6.5AI score0.00642EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/12/17 3:15 p.m.18 views

CVE-2019-16560

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...

8.8CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2019/12/17 3:15 p.m.17 views

Design/Logic Flaw

A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...

5.5CVSS5.3AI score0.00676EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/17 2:40 p.m.33 views

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...

8.7AI score0.0064EPSS
Exploits0References2
OSV
OSV
added 2019/10/28 1:15 p.m.4 views

CVE-2019-14931

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to t...

9.8CVSS7.6AI score0.5766EPSS
Exploits3References2
Prion
Prion
added 2019/10/28 1:15 p.m.18 views

Command injection

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's...

10CVSS10AI score0.5766EPSS
Exploits3References2Affected Software2
Rows per page
Query Builder