GHSA-PH87-4X2G-6HP4 Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
Information Disclosure
Jenkins Active Directory Plugin is vulnerable to Information Disclosure. The vulnerability exists because it ignores the "Require TLS" and "StartTls" options and performs the connection test unencrypted, which allows an attacker to gain access to sensitive information in the system...
PT-2023-26191 · Jenkins · Jenkins Active Directory Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Active Directory Plugin versions 2.30 and earlier Description: The issue allows attackers to capture network traffic between the Jenkins controller and Active Directory servers, potentially obtaining Active Directory credentials. This...
CVE-2022-47616
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator can use the management page to perform command injection attacks to execute arbitrary system commands, manipulate the system or disrupt service...
Command injection
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator can use the management page to perform command injection attacks to execute arbitrary system commands, manipulate the system or disrupt service...
PT-2023-3107 · Hitron · Hitron Coda-5310
Name of the Vulnerable Software and Affected Versions: Hitron CODA-5310 affected versions not specified Description: The issue exists due to insufficient measures to neutralize special elements used in the operating system command. A remote attacker, authenticated as an administrator, can exploit...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Apache Shardingsphere_Elasticjob-Ui
CVE-2022-22733 CVE-2022-22733 is a vulnerability that affects...
GHSA-WQ3W-3RXH-VCXX Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery
OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier does not require POST requests for a connection test HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2023-28672
Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
PT-2023-21892 · Jenkins · Jenkins Octoperf Load Testing Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OctoPerf Load Testing Plugin Plugin versions 4.5.0 and earlier Description: A cross-site request forgery (CSRF) issue allows attackers to connect to a specified URL using attacker-specified credentials IDs, potentially capturing...
GHSA-3H2Q-M63Q-9CF6 Missing permission check in Perfecto Plugin
Perfecto Plugin 1.17 and earlier does not perform a permission check in a method implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified username and password. Perfecto Plugin 1.18 requires...
GHSA-C3WF-RRHQ-RFP2 Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...
Jenkins Maven Release Plug-in Plugin XXE vulnerability
Jenkins Maven Release Plug-in Plugin retrieves XML from Nexus repository manager APIs. Maven Release Plug-in Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. While Jenkins users without Overall/Administer permission are not allowed to configu...
Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified username and password...
GHSA-H668-P5HG-7MC5 Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified username and password...
GHSA-4C2W-WCW4-8JV9 Jenkins Rundeck Plugin CSRF vulnerability
Jenkins Rundeck Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation...
CSRF vulnerability in Proxmox Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
GHSA-WJVR-2HJG-6RHJ CSRF vulnerability in Proxmox Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
GHSA-2MGJ-MWVF-MPG5 Missing permission checks in Jenkins Proxmox Plugin
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for...