Lucene search
K

43 matches found

OSV
OSV
added 2023/07/12 4:15 p.m.5 views

CVE-2023-37950

A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00447EPSS
Exploits0References2
OSV
OSV
added 2023/01/26 9:18 p.m.3 views

CVE-2023-24432

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS7.3AI score0.00515EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.5 views

CVE-2023-24433

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.6AI score0.00769EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.4 views

Jenkins Compuware Topaz for Total Test Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00457EPSS
Exploits0References5
OSV
OSV
added 2022/09/21 4:15 p.m.7 views

CVE-2022-41250

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS5.8AI score0.00551EPSS
Exploits0References2
OSV
OSV
added 2022/07/27 3:15 p.m.3 views

CVE-2022-36895

A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00569EPSS
Exploits0References2
OSV
OSV
added 2022/07/27 3:15 p.m.4 views

CVE-2022-36897

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00569EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.7 views

PT-2022-4027 · Jenkins · Jenkins Repository Connector Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 2.2.0 and earlier Description: The issue is related to a missing permission check in the Jenkins Repository Connector Plugin, which is associated with authorization procedure deficiencies. This...

4.3CVSS4.1AI score0.00581EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.6 views

Jenkins Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.6AI score0.00605EPSS
Exploits0References5
OSV
OSV
added 2022/06/30 6:15 p.m.4 views

CVE-2022-34810

A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

6.5CVSS5.8AI score0.00686EPSS
Exploits0References1
OSV
OSV
added 2022/06/30 6:15 p.m.4 views

CVE-2022-34779

A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00524EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.4 views

PT-2022-22348 · Jenkins · Jenkins Deployment Dashboard Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This issue...

4.3CVSS4.2AI score0.00684EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.37 views

Jenkins Plugin Deployment Dashboard 信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. an information disclosure vulnerability...

4.3CVSS5.7AI score0.00684EPSS
Exploits0References6
OSV
OSV
added 2022/03/29 1:15 p.m.1 views

CVE-2022-28158

A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

6.5CVSS6.4AI score
Exploits0References2
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.7 views

Jenkins Plugin 权限许可和访问控制问题漏洞

Jenkins Plugin is a Jenkins open source application. Jenkins Plugin Bitbucket suffers from a Permission Permission and Access Control Issues vulnerability that stems from a lack of permission checking that allows an attacker with aggregate/read access to enumerate the credential IDs of credential...

4.3CVSS5.1AI score0.00852EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/11/04 12:0 a.m.6 views

PT-2020-15540 · Jenkins · Jenkins Ansible Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Plugin versions 1.0 and earlier Description: The issue is related to missing permission checks in the Jenkins Ansible Plugin, which allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stor...

4.3CVSS4.3AI score0.00792EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2020/11/04 12:0 a.m.1 views

PT-2020-15539 · Jenkins · Jenkins Kubernetes Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Plugin versions 1.27.3 and earlier Jenkins Kubernetes Plugin versions prior to 1.27.4 Jenkins Kubernetes Plugin versions prior to 1.26.5 Jenkins Kubernetes Plugin versions prior to 1.25.4.1 Jenkins Kubernetes Plugin version...

4.3CVSS4.1AI score0.01134EPSS
Exploits0References7
CNVD
CNVD
added 2020/07/03 12:0 a.m.4 views

CloudBees Jenkins Fortify on Demand Plugin Authorization Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Fortify on Demand Plugin is used in one of the support for uploading code...

4.3CVSS7AI score0.00691EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/05/04 12:0 a.m.9 views

PT-2020-12283 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak versions 8.0.2 through 9.0.0 Description: A flaw was found where a malicious user can register as oneself and then use the "remove devices" form to post different credential IDs with the hope of removing MFA devices for other users...

6.5CVSS4.7AI score0.00654EPSS
Exploits0References8
OSV
OSV
added 2019/12/17 3:15 p.m.4 views

CVE-2019-16566

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.7AI score0.00798EPSS
Exploits0References2
Rows per page
Query Builder