91 matches found
CSRF vulnerability in Proxmox Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
GHSA-2MGJ-MWVF-MPG5 Missing permission checks in Jenkins Proxmox Plugin
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...
GHSA-WJVR-2HJG-6RHJ CSRF vulnerability in Proxmox Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
CVE-2022-28143
A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
CVE-2022-28144
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...
CVE-2022-28143
A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
CVE-2022-28144
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...
PT-2022-18843 · Jenkins · Jenkins Proxmox Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Proxmox Plugin version 0.7.0 and earlier Description: The issue allows attackers with Overall/Read permission to connect to a specified host using a specified username and password, and perform a connection test. This also enables the...
Jenkins Proxmox Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Proxmox Plugin 0.7.0 and earlier...
CVE-2022-0944
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...
Sql injection
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...
PT-2022-13544 · Sqlpad · Sqlpad
Name of the Vulnerable Software and Affected Versions: sqlpad versions prior to 6.10.1 Description: The issue is related to template injection in the connection test endpoint, which can lead to remote code execution RCE. This problem has been identified in the GitHub repository sqlpad/sqlpad. The...
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Improper Neutralization of Special Elements Used in an OS Command (CVE-2019-14931)
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's...
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not require POST requests for a connection test method, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified...
CVE-2019-16560
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...
Design/Logic Flaw
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...
CVE-2019-14931
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to t...
Command injection
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's...