Lucene search
K

114 matches found

Prion
Prion
added 2020/09/23 2:15 p.m.15 views

Information disclosure

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4CVSS4.4AI score0.00691EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/07/02 3:15 p.m.14 views

CVE-2020-2204

A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs...

5.4CVSS6.6AI score
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/07/02 2:55 p.m.23 views

CVE-2020-2204

A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs...

5.5CVSS4.4AI score0.00622EPSS
Exploits0References2
NVD
NVD
added 2020/01/15 4:15 p.m.23 views

CVE-2020-2091

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

8.1CVSS8AI score0.01113EPSS
Exploits0References1
NVD
NVD
added 2020/01/15 4:15 p.m.34 views

CVE-2020-2090

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

8.8CVSS8.6AI score0.00827EPSS
Exploits0References1
Prion
Prion
added 2020/01/15 4:15 p.m.18 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

6.8CVSS8.6AI score0.00827EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/12/17 3:15 p.m.14 views

CVE-2019-16575

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...

8.8CVSS8.7AI score0.00863EPSS
Exploits0References2
OSV
OSV
added 2019/12/17 3:15 p.m.19 views

CVE-2019-16576

A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...

6.5CVSS6.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/12/17 12:0 a.m.5 views

PT-2019-14730 · Jenkins · Jenkins Alauda Kubernetes Support Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the...

8.8CVSS8.5AI score0.00863EPSS
Exploits0References5
Cvelist
Cvelist
added 2019/10/23 12:45 p.m.13 views

CVE-2019-10472

A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.3AI score0.00836EPSS
Exploits0References2
OSV
OSV
added 2019/08/07 3:15 p.m.13 views

CVE-2019-10368

A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified...

8.8CVSS6.4AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/03/28 12:0 a.m.10 views

PT-2019-11334 · Jenkins · Jenkins Slack Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Slack Notification Plugin versions 2.19 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials...

7.1CVSS6.7AI score0.01133EPSS
Exploits0References8
Prion
Prion
added 2019/01/09 11:29 p.m.17 views

Authorization

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins...

4CVSS6.3AI score0.01641EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2018/06/06 2:51 p.m.42 views

CVE-2018-1000183

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

6.5CVSS4.1AI score0.01013EPSS
Exploits0References2
Rows per page
Query Builder