Lucene search
+L

70 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:48 a.m.27 views

Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs

An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs. As of version 1.7, enumeration of credentials IDs and validation of specified credentials i...

4.3CVSS4.5AI score0.00676EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:18 a.m.24 views

Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. As of version 2.2.1, an enumeration of credentials IDs in this plugin...

6.5CVSS5.4AI score0.01641EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2022/03/31 12:0 a.m.41 views

Jenkins Pipeline Phoenix AutoTest Plugin访问控制错误漏洞

Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins.An access control error vulnerability exists in Jenkins Pipeline Phoenix AutoTest Plugin 1.3 and earlier, which stems from the plugin not performing permission check...

6.5CVSS1.6AI score0.00722EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.47 views

Jenkins Kubernetes Continuous Deploy Plugin has an unspecified vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited by an attacker with Overall/Read privilege...

6.5CVSS2.5AI score0.00908EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/17 12:0 a.m.25 views

Jenkins Conjur Secrets Plugin授权问题漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Conjur Secrets Plugin 1.0.11 and earlier versions are vulnerable to an authorization issue that stems from not...

4.3CVSS0.7AI score0.0068EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/12 8:15 p.m.5 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS7AI score0.00655EPSS
Exploits0References3
CNVD
CNVD
added 2021/07/16 12:0 a.m.37 views

Rancher Labs Rancher Access Control Error Vulnerability

Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, Inc. An access control error vulnerability exists in Rancher Labs Rancher, which stems from the product's lack of effective privilege management for creating cloud credential IDs, which could be...

9.9CVSS3.1AI score0.00832EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/15 12:0 a.m.5 views

Rancher Labs Rancher 安全漏洞

Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, Inc. An access control error vulnerability exists in Rancher Labs Rancher, which stems from the product's lack of effective privilege management for creating cloud credential IDs, which could be...

9.9CVSS5.7AI score0.00832EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/05/11 12:0 a.m.5 views

PT-2021-14696 · Jenkins · Jenkins Xray - Test Management For Jira Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Xray - Test Management for Jira Plugin versions 2.4.0 and earlier Description: The issue concerns a lack of permission check in an HTTP endpoint, allowing users with Overall/Read permission to enumerate credentials IDs of credentials...

4.3CVSS4.2AI score0.00865EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2021/04/21 2:20 p.m.37 views

CVE-2021-21643

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...

6.5CVSS2.5AI score0.01082EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/04/21 12:0 a.m.2 views

PT-2021-14686 · Jenkins · Jenkins Config File Provider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.7.0 and earlier Description: The issue concerns incorrect permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentia...

6.5CVSS6.4AI score0.01082EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2021/03/30 12:0 a.m.2 views

PT-2021-14679 · Jenkins · Jenkins Team Foundation Server Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Team Foundation Server Plugin versions 5.157.1 and earlier Description: A missing permission check in the Jenkins Team Foundation Server Plugin allows attackers with Overall/Read permission to enumerate credentials ID of credentials...

4.3CVSS4.1AI score0.00786EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/03/30 12:0 a.m.7 views

Jenkins Team Foundation Server 安全漏洞

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An improper authorization...

4.3CVSS5.8AI score0.00786EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/03/18 12:0 a.m.14 views

PT-2021-14668 · Amazon +2 · Aws Parameter Store Build Wrapper +4

Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees AWS Credentials Plugin versions 1.28 and earlier Description: The issue allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins under certain circumstances. This can...

4.3CVSS4.4AI score0.00722EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/01/20 4:38 a.m.3 views

jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.01134EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/11/04 12:0 a.m.7 views

PT-2020-15543 · Jenkins · Jenkins Azure Key Vault Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure Key Vault Plugin versions 2.0 and earlier Description: A missing permission check in the Jenkins Azure Key Vault Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.4AI score0.00776EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/07/02 12:0 a.m.5 views

PT-2020-15418 · Jenkins · Jenkins Fortify On Demand Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Plugin versions 5.0.1 and earlier Description: A missing permission check in the Jenkins Fortify on Demand Plugin allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand...

5.5CVSS5.3AI score0.00622EPSS
Exploits0References9
Veracode
Veracode
added 2020/05/05 6:58 a.m.24 views

Unauthorized Postings And Removals

keycloak-services is vulnerable to unauthorized postings and removals. Posting different credential IDs can be done by using the remove devices form, subsequently possibly to perform unauthorized removal of MFA devices of other users...

4.7CVSS4.5AI score0.00654EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/05/04 8:5 p.m.53 views

CVE-2020-10686

A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users...

4.1CVSS4.7AI score0.00654EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/28 12:0 a.m.6 views

CloudBees Jenkins Libvirt Slaves Plugin Enumeration Credentials Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Libvirt Slaves Plugin is used in one of the plug-in for controlling guest domains...

4.3CVSS6.5AI score0.00678EPSS
Exploits0References1
Rows per page
Query Builder