PT-2019-11848 · Jenkins · Jenkins Rundeck Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin (affected versions not specified). Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials. The plugin does not perform permission check...
PT-2019-11731 · Jenkins +1 · Jenkins Electricflow Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier; CloudBees CD Plugin (affected versions not specified). Description: A cross-site request forgery issue allows attackers to connect to a specified URL using specified credentials. This is due ...
CVE-2019-1003076
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
PT-2019-11366 · Jenkins · Jenkins Audit To Database Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin (affected versions not specified). Description: A cross-site request forgery issue exists in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method, allowing attackers to initiate a...
Authorization Bypass
Jenkins crowd2 plugin is vulnerable to authorization bypass. A lack of authorization check in CrowdSecurityRealm.java allows an attacker to perform a connection test to a malicious server...
CVE-2018-1000422
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...
Quest KACE System Management Appliance Command Injection Vulnerability
The Quest KACE System Management Appliance provides comprehensive system management for all network-connected devices. A command injection vulnerability exists in the '/common/ajaxemailconnectiontest.php' script in Quest KACE System Management Appliance 8.0.318. An authenticated user can exploit...
MyConnection Server (MCS) 9.7i Cross Site Scripting
Author: 1N3. Website: http://treadstonesecurity.blogspot.ca Vendor Website: http://www.visualware.com/ Affected Product: MyConnection Server. Affected Version: 9.7i (others may also be vulnerable). ABOUT: MyConnection Server (MCS) delivers a broad range of support managed automated and user initiated...