74 matches found
CVE-2020-2211
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
Remote code execution
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2211
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2211
CVE-2020-2211 affects Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin (versions ≤ 1.3). The root cause is that the YAML parser is not configured to prevent instantiation of arbitrary types, enabling remote code execution. The CVE entry notes a questionable attack surface but does not provide e...
PT-2020-15426 · Jenkins · Jenkins Elasticbox Jenkins Kubernetes Ci/Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin versions 1.3 and earlier
Description: The issue is related to the YAML parser configuration in the Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin, which allows the instantiation of...
(0Day) Jenkins ElasticBox CI Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins ElasticBox CI. Authentication is required to exploit this vulnerability. The specific flaw exists within the ElasticBox CI plugin. The issue results from storing credentials in...
CloudBees Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Cross-Site Request Forgery Vulnerability (CNVD-2019-38508)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. ElasticBox Jenkins Kubernetes CI/CD Plugin is used in...
CloudBees Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. ElasticBox Jenkins Kubernetes CI/CD Plugin is used in...
CloudBees Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Access Privilege Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. ElasticBox Jenkins Kubernetes CI/CD Plugin is used in...
CVE-2019-10469
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10470
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10469
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10470
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10468
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10468
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10470
CVE-2019-10470 affects the Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin. The vulnerability arises from a missing permission check in form-related methods, allowing users with Overall/Read access to enumerate credentials IDs stored in Jenkins. Impact is credential enumeration with partial co...
CVE-2019-10468
The CVE-2019-10468 entry concerns the Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin. The vulnerability is a cross-site request forgery (CSRF) flaw that lets an attacker trigger requests to an attacker-specified URL using credentials IDs obtained through another method, enabling capture of cr...