15 matches found
GHSA-6MGQ-VH7R-GCCC CSRF vulnerability in Jenkins sinatra-chef-builder Plugin
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
PT-2019-11739 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier. Description: A cross-site request forgery issue allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...
CVE-2019-10331
A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10332
A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10331
CVE-2019-10331 affects Jenkins ElectricFlow Plugin 1.1.5 and earlier. The vulnerability stems from a missing permission check in a form validation method (Configuration#doTestConnection), enabling CSRF to trigger a connection test to an attacker-specified URL using attacker-specified credentials....
CloudBees Jenkins Artifactory Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Artifactory Plugin is used in one of the...
CVE-2019-1003078
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-10278
CVE-2019-10278 affects the Jenkins jenkins-reviewbot plugin, specifically the ReviewboardDescriptor#doTestConnection form validation. The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to initiate a connection to an attacker-specified server. The root cause is insuff...
PT-2019-11377 · Jenkins · Jenkins Chef Sinatra Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Chef Sinatra Plugin (affected versions not specified). Description: A missing permission check in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiat...
PT-2019-11382 · Jenkins · Jenkins Nomad Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin (affected versions not specified). Description: A cross-site request forgery issue exists in the NomadCloud.DescriptorImpl#doTestConnection form validation method, allowing attackers to initiate a connection to an...
PT-2019-11373 · Jenkins · Jenkins Gearman Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gearman Plugin (affected versions not specified). Description: A missing permission check in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an...
PT-2019-11376 · Jenkins · Jenkins Chef Sinatra Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Chef Sinatra Plugin (affected versions not specified). Description: A cross-site request forgery issue exists in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method, allowing attackers to initiate a...
PT-2019-11680 · Jenkins · Jenkins Jenkins-Reviewbot Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-reviewbot Plugin (affected versions not specified). Description: A cross-site request forgery issue exists in the ReviewboardDescriptor#doTestConnection form validation method, allowing attackers to initiate a connection to an...
PT-2019-11383 · Jenkins · Jenkins Nomad Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin (affected versions not specified). Description: A missing permission check in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an...