43 matches found
CVE-2023-37950
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-24432
A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Compuware Topaz for Total Test Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-41250
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-36895
A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
CVE-2022-36897
A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
PT-2022-4027 · Jenkins · Jenkins Repository Connector Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 2.2.0 and earlier Description: The issue is related to a missing permission check in the Jenkins Repository Connector Plugin, which is associated with authorization procedure deficiencies. This...
Jenkins Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-34810
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-34779
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
PT-2022-22348 · Jenkins · Jenkins Deployment Dashboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This issue...
Jenkins Plugin Deployment Dashboard 信息泄露漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. an information disclosure vulnerability...
CVE-2022-28158
A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Jenkins Plugin 权限许可和访问控制问题漏洞
Jenkins Plugin is a Jenkins open source application. Jenkins Plugin Bitbucket suffers from a Permission Permission and Access Control Issues vulnerability that stems from a lack of permission checking that allows an attacker with aggregate/read access to enumerate the credential IDs of credential...
PT-2020-15540 · Jenkins · Jenkins Ansible Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Plugin versions 1.0 and earlier Description: The issue is related to missing permission checks in the Jenkins Ansible Plugin, which allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stor...
PT-2020-15539 · Jenkins · Jenkins Kubernetes Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Plugin versions 1.27.3 and earlier Jenkins Kubernetes Plugin versions prior to 1.27.4 Jenkins Kubernetes Plugin versions prior to 1.26.5 Jenkins Kubernetes Plugin versions prior to 1.25.4.1 Jenkins Kubernetes Plugin version...
CloudBees Jenkins Fortify on Demand Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Fortify on Demand Plugin is used in one of the support for uploading code...
PT-2020-12283 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak versions 8.0.2 through 9.0.0 Description: A flaw was found where a malicious user can register as oneself and then use the "remove devices" form to post different credential IDs with the hope of removing MFA devices for other users...
CVE-2019-16566
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...