CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24435
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-45390
A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-43431
Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-43418
A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-GHQ7-85HP-FH76 CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials
Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...
GHSA-6CVR-RVPM-9WX4 Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery
SCM HttpClient Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2022-41245
A cross-site request forgery CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41249
A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2022-25761 · Jenkins · Jenkins Worksoft Execution Manager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Worksoft Execution Manager Plugin versions 10.0.3.503 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...
Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs
Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials...
GHSA-75FC-FV3P-XH82 Jenkins Compuware Source Code Download is missing authorization
BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...
CVE-2022-36903
A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-36896
A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
CVE-2022-36921
CVE-2022-36921 affects Jenkins Coverity Plugin 1.11.4 and earlier. A missing permission check in an HTTP endpoint allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs to capture credentials stored in Jenkins. The vulnerabil...
PT-2022-4020 · Jenkins · Jenkins Compuware Source Code Download For Endevor +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware...
PT-2022-4034 · Bmc +2 · Jenkins Bmc Ami Devx Code Pipeline Operations Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware ISPW Operations Plugin versions 1.0.8 and earlier Jenkins BMC AMI DevX Code Pipeline Operations Plugin versions 1.0.8 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read...
GHSA-7C8F-M389-4XJC Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs
XebiaLabs XL Release Plugin 22.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...