Lucene search
+L

77 matches found

AlpineLinux
AlpineLinux
added 2021/06/10 2:25 p.m.37 views

CVE-2021-21662

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS5AI score0.00949EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/06/01 4:12 a.m.3 views

jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

6.5CVSS6.7AI score0.01082EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/03/03 12:28 p.m.5 views

jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.01134EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/11/09 2:29 p.m.26 views

CVE-2020-2309

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.6AI score0.01134EPSS
Exploits0References4
OSV
OSV
added 2020/11/04 3:15 p.m.21 views

CVE-2020-2309

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.2AI score
Exploits0References1
NVD
NVD
added 2020/11/04 3:15 p.m.18 views

CVE-2020-2309

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.4AI score0.01134EPSS
Exploits0References1
NVD
NVD
added 2020/08/12 2:15 p.m.22 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS6.3AI score0.00836EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/08/12 1:25 p.m.19 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.3AI score0.00836EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/08/12 1:25 p.m.54 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS4.2AI score0.00836EPSS
Exploits0References2
NVD
NVD
added 2020/07/02 3:15 p.m.32 views

CVE-2020-2202

A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS0.00691EPSS
Exploits0References2
NVD
NVD
added 2020/05/06 1:15 p.m.23 views

CVE-2020-2188

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS4.5AI score0.00647EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/05/06 12:0 a.m.6 views

PT-2020-15402 · Jenkins · Jenkins Amazon Ec2 Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: A missing permission check in form-related methods of the Jenkins Amazon EC2 Plugin allows users with Overall/Read access to enumerate credentials IDs of credentials stored in...

4.3CVSS4.3AI score0.00647EPSS
Exploits0References5
Prion
Prion
added 2020/01/10 5:15 p.m.14 views

Command injection

Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials...

5CVSS7.2AI score0.01872EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2019/10/23 1:15 p.m.16 views

CVE-2019-10470

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS6.6AI score
Exploits0References2
Cvelist
Cvelist
added 2019/10/23 12:45 p.m.17 views

CVE-2019-10473

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.4AI score0.00678EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/10/16 1:0 p.m.26 views

CVE-2019-10439

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.4AI score0.00664EPSS
Exploits0References1
OSV
OSV
added 2019/04/30 1:29 p.m.17 views

CVE-2019-10312

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptordoFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS6.4AI score
Exploits0References3
Rows per page
Query Builder