Lucene search
+L

122 matches found

OSV
OSV
added 2019/10/16 2:15 p.m.18 views

CVE-2019-10437

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.7AI score
Exploits0References1
Cvelist
Cvelist
added 2019/10/16 1:0 p.m.31 views

CVE-2019-10438

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.3AI score0.01034EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/16 1:0 p.m.26 views

CVE-2019-10439

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.4AI score0.00664EPSS
Exploits0References1
CVE
CVE
added 2019/10/16 1:0 p.m.116 views

CVE-2019-10438

Jenkins CRX Content Package Deployer Plugin suffered a missing permission check in versions 1.8.1 and earlier, allowing attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs retrieved through another method, thereby capturing credentials stor...

6.5CVSS6.3AI score0.01034EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/10/16 1:0 p.m.80 views

CVE-2019-10439

The CVE-2019-10439 issue affects Jenkins CRX Content Package Deployer Plugin, with vulnerable versions ≤ 1.8.1. A missing permission check in various doFillCredentialsIdItems methods allows users with Overall/Read access to enumerate credentials IDs stored in Jenkins. Exploitation context is not ...

4.3CVSS4.4AI score0.00664EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/10/16 1:0 p.m.74 views

CVE-2019-10437

The CVE-2019-10437 vulnerability affects Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier. It is a cross-site request forgery (CSRF) issue in which an attacker can cause a Jenkins instance to connect to an attacker-specified URL using credentials IDs obtained through another...

8.8CVSS8.5AI score0.00836EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/10/16 12:0 a.m.8 views

PT-2019-11831 · Jenkins · Jenkins Crx Content Package Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

8.8CVSS8.5AI score0.00836EPSS
Exploits0References7
CNVD
CNVD
added 2019/10/14 12:0 a.m.5 views

CloudBees Jenkins WildFly Deployer Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . WildFly Deployer Plugin is used in which an...

8.8CVSS6.9AI score0.01365EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/23 12:0 a.m.4 views

CloudBees Jenkins WebSphere Deployer Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . WebSphere Deployer Plugin is used in which a...

8.8CVSS6.9AI score0.01365EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/23 12:0 a.m.6 views

CloudBees Jenkins OpenShift Deployer Plugin Authorization Issues Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks.OpenShift Deployer Plugin is used in one of the...

6.5CVSS6.8AI score0.01536EPSS
Exploits0References1
NVD
NVD
added 2019/04/04 4:29 p.m.27 views

CVE-2019-1003072

Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS8.7AI score0.01365EPSS
Exploits0References3
NVD
NVD
added 2019/04/04 4:29 p.m.24 views

CVE-2019-1003080

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.4AI score0.01339EPSS
Exploits0References3
OSV
OSV
added 2019/04/04 4:29 p.m.17 views

CVE-2019-1003080

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score
Exploits0References3
OSV
OSV
added 2019/04/04 4:29 p.m.18 views

CVE-2019-1003081

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score
Exploits0References3
OSV
OSV
added 2019/04/04 4:29 p.m.6 views

CVE-2019-1003056

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.5AI score0.01365EPSS
Exploits0References3
Prion
Prion
added 2019/04/04 4:29 p.m.20 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...

4.3CVSS6.4AI score0.01339EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/04/04 3:38 p.m.61 views

CVE-2019-1003080

Summary: CVE-2019-1003080 is a cross-site request forgery in the Jenkins OpenShift Deployer Plugin. The issue resides in DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation, permitting an attacker to cause the plugin to connect to an attacker‑specified server. Public source...

6.5CVSS6.3AI score0.01339EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/04/04 3:38 p.m.63 views

CVE-2019-1003081

The CVE describes a missing permission check in the Jenkins OpenShift Deployer Plugin, specifically in DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation. Attackers with Overall/Read permission can trigger a connection to an attacker‑specified server, enabling potential un...

6.5CVSS6.3AI score0.01536EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/04/04 3:38 p.m.31 views

CVE-2019-1003080

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...

6.4AI score0.01339EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/04/04 3:38 p.m.27 views

CVE-2019-1003056

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.7AI score0.01365EPSS
Exploits0References3
Rows per page
Query Builder