Lucene search
+L

233 matches found

Github Security Blog
Github Security Blog
added 2022/05/14 3:13 a.m.24 views

Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

6.5CVSS2.7AI score0.00988EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/14 3:13 a.m.126 views

GHSA-92RV-MVMJ-47QH Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

4.2CVSS6.4AI score0.00988EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 1:9 a.m.23 views

Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java. SaltStack Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to...

7.5CVSS1.8AI score0.00559EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:18 a.m.20 views

Jenkins HipChat Plugin allows credential capture due to incorrect authorization

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another...

8.8CVSS4.6AI score0.01064EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/13 1:18 a.m.30 views

GHSA-W3F7-2QFW-348X Jenkins HipChat Plugin allows credential capture due to incorrect authorization

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another...

8.8CVSS8.6AI score0.01064EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/18 6:15 p.m.2 views

CVE-2021-27789

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive...

6.5CVSS6.4AI score0.00805EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/03/16 12:0 a.m.31 views

CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS4AI score0.00722EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2022/02/17 12:0 a.m.30 views

Jenkins Snow Commander Plugin Cross-Site Request Forgery Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Snow Commander Plugin 2.0 and earlier versions contain a cross-site request forgery vulnerability that stems from a...

8.8CVSS2AI score0.00655EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.52 views

Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Snow Commander Plugin 2.0 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS4.8AI score0.00655EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/02/16 12:1 a.m.22 views

GHSA-5PCF-VXM3-FRPH CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials

Checkmarx Plugin 2022.1.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stor...

4.2CVSS8.7AI score0.00553EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.23 views

CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials

WAMP Plugin 1.2.6 and earlier does not perform a permission check in a method implementing form validation.\ This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...

8.8CVSS3.4AI score0.00684EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/02/15 5:15 p.m.4 views

CVE-2022-25192

A cross-site request forgery CSRF vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS7.2AI score0.00655EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.4 views

Jenkins Snow Commander Plugin 跨站请求伪造漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Snow Commander Plugin 2.0 and earlier versions contain a cross-site request forgery vulnerability that stems from a...

8.8CVSS5.5AI score0.00655EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.11 views

Jenkins 插件权限许可和访问控制问题漏洞

The Jenkins Plugin is a plug-in that provides appropriate functionality for Jenkins. Jenkins Checkmarx Plugin Access Control Error vulnerability. An attacker could use this vulnerability to connect to an attacker-specified Web server via an attacker-specified credential ID to capture credentials...

6.5CVSS5.6AI score0.00742EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/02/04 2:15 a.m.2 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

7.5CVSS5.9AI score0.03798EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/12 8:15 p.m.5 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS7AI score0.00655EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.6 views

UiPath Assistant安全漏洞

UiPath Assistant is a specialized tool from UiPath designed to make interacting with bots from the desktop easy and fun.A security vulnerability exists in UiPath Assistant 21.4.4, which stems from a lack of effective trust management mechanisms in networked systems or products. An attacker could...

10CVSS5.9AI score0.01747EPSS
Exploits0References2
Veracode
Veracode
added 2021/07/14 11:46 a.m.9 views

Information Disclosure

PuTTY is vulnerable to information disclosure. It proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to...

8.1CVSS6.3AI score0.01106EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/07/09 9:15 p.m.3 views

ALPINE-CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

8.1CVSS7AI score0.01106EPSS
Exploits0References1
Prion
Prion
added 2021/07/09 9:15 p.m.21 views

Design/Logic Flaw

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

5.8CVSS8AI score0.01106EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder