
114 matches found

Cvelist
added 2023/01/24 12:0 a.m. · 34 views

CVE-2023-24433

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score: 6.5 · EPSS: 0.00769
Exploits: 0 · References: 1

Cvelist
added 2023/01/24 12:0 a.m. · 39 views

CVE-2023-24435

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score: 6.5 · EPSS: 0.00821
Exploits: 0 · References: 1

OSV
added 2022/11/15 8:15 p.m. · 3 views

CVE-2022-45390

A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00522
Exploits: 0 · References: 2

NVD
added 2022/10/19 4:15 p.m. · 21 views

CVE-2022-43431

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS: 4.3 · EPSS: 0.0045
Exploits: 0 · References: 2

Cvelist
added 2022/10/19 12:0 a.m. · 33 views

CVE-2022-43418

A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score: 4.8 · EPSS: 0.00397
Exploits: 0 · References: 2

Vulnrichment
added 2022/10/19 12:0 a.m. · 5 views

CVE-2022-43418

A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score: 4.5 · EPSS: 0.00397
Exploits: 0 · References: 2

OSV
added 2022/09/22 12:0 a.m. · 16 views

GHSA-GHQ7-85HP-FH76 CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials

Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...

CVSS: 4.2 · AI score: 8.7 · EPSS: 0.00436
Exploits: 0 · References: 3

OSV
added 2022/09/22 12:0 a.m. · 48 views

GHSA-6CVR-RVPM-9WX4 Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery

SCM HttpClient Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...

CVSS: 4.2 · AI score: 8.7 · EPSS: 0.0039
Exploits: 0 · References: 4

NVD
added 2022/09/21 4:15 p.m. · 26 views

CVE-2022-41245

A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS: 8.8 · EPSS: 0.00436
Exploits: 0 · References: 1

OSV
added 2022/09/21 4:15 p.m. · 3 views

CVE-2022-41249

A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS: 8.8 · AI score: 5.7 · EPSS: 0.0039
Exploits: 0 · References: 2

Positive Technologies
added 2022/09/21 12:0 a.m. · 6 views

PT-2022-25761 · Jenkins · Jenkins Worksoft Execution Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Worksoft Execution Manager Plugin versions 10.0.3.503 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.00612
Exploits: 0 · References: 4

Github Security Blog
added 2022/07/28 12:0 a.m. · 32 views

Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials...

CVSS: 4.3 · AI score: 4.8 · EPSS: 0.00581
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/07/28 12:0 a.m. · 22 views

GHSA-75FC-FV3P-XH82 Jenkins Compuware Source Code Download is missing authorization

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...

CVSS: 4.3 · AI score: 6.7 · EPSS: 0.00605
Exploits: 0 · References: 5

NVD
added 2022/07/27 3:15 p.m. · 39 views

CVE-2022-36903

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS: 4.3 · EPSS: 0.00581
Exploits: 0 · References: 2

OSV
added 2022/07/27 3:15 p.m. · 4 views

CVE-2022-36896

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

CVSS: 6.5 · AI score: 6.6
Exploits: 0 · References: 2

ATTACKERKB
added 2022/07/27 3:15 p.m. · 4 views

CVE-2022-36903

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00581
Exploits: 0 · References: 4

CVE
added 2022/07/27 2:29 p.m. · 80 views

CVE-2022-36921

CVE-2022-36921 affects Jenkins Coverity Plugin 1.11.4 and earlier. A missing permission check in an HTTP endpoint allows attackers with Overall/Read permission to connect to an attacker‑specified URL using attacker‑specified credentials IDs to capture credentials stored in Jenkins. The vulnerabil...

CVSS: 8.1 · AI score: 7.8 · EPSS: 0.0073
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/07/27 12:0 a.m. · 4 views

PT-2022-4020 · Jenkins · Jenkins Compuware Source Code Download For Endevor +1

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware...

CVSS: 6.8 · AI score: 6.5 · EPSS: 0.00605
Exploits: 0 · References: 10

Positive Technologies
added 2022/07/27 12:0 a.m. · 7 views

PT-2022-4034 · Bmc +2 · Jenkins Bmc Ami Devx Code Pipeline Operations Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware ISPW Operations Plugin versions 1.0.8 and earlier; Jenkins BMC AMI DevX Code Pipeline Operations Plugin versions 1.0.8 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read...

CVSS: 4.3 · AI score: 4.6 · EPSS: 0.00581
Exploits: 0 · References: 7

OSV
added 2022/07/01 12:1 a.m. · 21 views

GHSA-7C8F-M389-4XJC Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs

XebiaLabs XL Release Plugin 22.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...

CVSS: 4.3 · AI score: 4.7 · EPSS: 0.00524
Exploits: 0 · References: 3