Lucene search
+L

233 matches found

Vulnrichment
Vulnrichment
added 2023/06/14 12:53 p.m.7 views

CVE-2023-35148

A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...

6.4AI score0.00452EPSS
Exploits0References2
OSV
OSV
added 2023/04/11 9:15 a.m.6 views

CVE-2023-28368

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQUNV11.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential...

5.7CVSS5.8AI score0.00265EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.24 views

Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture

OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.5AI score0.00509EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/02 9:30 p.m.22 views

GHSA-J9H4-P6P7-8652 Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture

OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.5AI score0.00509EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/23 11:26 a.m.6 views

CVE-2023-28671

A cross-site request forgery CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.6AI score0.00361EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.3 views

SUSE CVE-2010-0172

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorizati...

4.3CVSS9AI score0.01413EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.3 views

SUSE CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

7.1CVSS8.1AI score0.02404EPSS
Exploits0References10
Rapid7 Blog
Rapid7 Blog
added 2023/02/03 7:21 p.m.67 views

Metasploit Weekly Wrap-Up

Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I...

0.2AI score0.99995EPSS
Exploits28
NVD
NVD
added 2023/01/26 9:18 p.m.40 views

CVE-2023-24435

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.4AI score0.00821EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.4 views

CVE-2023-24432

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS7.3AI score0.00515EPSS
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.18 views

Design/Logic Flaw

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS6.3AI score0.00821EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.7 views

Jenkins Plugin JIRA Pipeline Steps 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00769EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.7 views

Jenkins Plugin Kubernetes Credentials Provider 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin A security...

6.5CVSS6.5AI score0.00821EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.19 views

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00821EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.4 views

PT-2023-19597 · Jenkins · Jenkins Jira Pipeline Steps Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially...

8.8CVSS8.6AI score0.00515EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.8 views

CVE-2023-24438

A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

6.7AI score0.00769EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.6 views

CVE-2023-24437

A cross-site request forgery CSRF vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.9AI score0.00515EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.8 views

CVE-2023-24435

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8AI score0.00821EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/12/12 9:30 a.m.27 views

Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.2AI score0.00429EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/12/12 9:15 a.m.23 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

4.3CVSS6.4AI score0.00429EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder