Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery

Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...

GHSA-6MGR-3374-4P3C Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery

Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...

GHSA-MJ6V-4WR4-GJ57 Jenkins Start Windocks Containers Plugin is missing a permission check

Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...

CVE-2025-64139

A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2025-64138

A cross-site request forgery CSRF vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2025-64138

A cross-site request forgery CSRF vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2025-64139

A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2025-64139

A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2025-64139

CVE-2025-64139 affects Jenkins Start Windocks Containers Plugin versions 1.4 and earlier. A missing permission check on an HTTP endpoint allows an attacker with Overall/Read permission to connect to an attacker-specified URL. Related advisories corroborate that this wormable-like behavior is via ...

CVE-2025-64139

A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2025-64138

A cross-site request forgery CSRF vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2025-64138

The CVE-2025-64138 entry concerns Jenkins Start Windocks Containers Plugin (versions 1.4 and earlier). The issue is a CSRF vulnerability in an HTTP endpoint that allows attackers with Overall/Read permission to trigger connections to an attacker-specified URL, even without POST requests. Multiple...

CVE-2025-64138

A cross-site request forgery CSRF vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...

PT-2025-44288

Name of the Vulnerable Software and Affected Versions Jenkins Start Windocks Containers Plugin versions 1.4 and earlier Description A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker. Recommendations Update Jenkins Start Windocks...

PT-2025-44287

Name of the Vulnerable Software and Affected Versions Jenkins Start Windocks Containers Plugin versions 1.4 and earlier Description A cross-site request forgery CSRF issue exists in the Jenkins Start Windocks Containers Plugin. This flaw allows attackers to force connections to a URL chosen by th...

Jenkins Start Windocks Containers Plugin 安全漏洞

Jenkins Start Windocks Containers Plugin is an open source plugin for Jenkins to link WinDocks hosts. A security vulnerability exists in Jenkins Start Windocks Containers Plugin 1.4 and earlier versions that stems from vulnerability to cross-site request forgery attacks...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

Fedora: Security Advisory (FEDORA-2025-b93734b6b8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 42 Update: runc-1.3.2-1.fc42

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

[SECURITY] Fedora 41 Update: runc-1.3.2-1.fc41

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...