Lucene search
+L

15 matches found

OSV
OSV
added 2022/07/01 12:1 a.m.35 views

GHSA-HCJR-6JQ3-392P Jenkins Failed Job Deactivator Plugin Missing Authorization vulnerability

Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints. This allows attackers with Overall/Read permission to disable jobs. Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery...

4.3CVSS4.8AI score0.00553EPSS
Exploits0References3
OSV
OSV
added 2022/07/01 12:1 a.m.33 views

GHSA-CP6Q-836Q-GMJ3 Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. This CSRF vulnerability is only exploitable in Jenkins 2.286 and earlier, LTS 2.277.1 and earlier. See the LTS upgrade guide...

4.3CVSS4.9AI score0.00454EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/07/01 12:1 a.m.34 views

Jenkins Failed Job Deactivator Plugin Missing Authorization vulnerability

Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints. This allows attackers with Overall/Read permission to disable jobs. Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery...

4.3CVSS4.9AI score0.00553EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/01 12:1 a.m.34 views

Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. This CSRF vulnerability is only exploitable in Jenkins 2.286 and earlier, LTS 2.277.1 and earlier. See the LTS upgrade guide...

4.3CVSS5AI score0.00454EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/30 6:15 p.m.4 views

CVE-2022-34817

A cross-site request forgery CSRF vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs...

4.3CVSS5.8AI score0.00454EPSS
Exploits0References2
OSV
OSV
added 2022/06/30 6:15 p.m.16 views

CVE-2022-34818

Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs...

4.3CVSS5.8AI score0.00553EPSS
Exploits0References1
OSV
OSV
added 2022/06/30 6:15 p.m.2 views

CVE-2022-34817

A cross-site request forgery CSRF vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/30 6:15 p.m.3 views

CVE-2022-34818

Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs...

4.3CVSS5.9AI score0.00553EPSS
Exploits0References2
NVD
NVD
added 2022/06/30 6:15 p.m.25 views

CVE-2022-34818

Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs...

4.3CVSS0.00553EPSS
Exploits0References1
Prion
Prion
added 2022/06/30 6:15 p.m.21 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs...

4.3CVSS4.6AI score0.00454EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/30 5:49 p.m.267 views

CVE-2022-34818

The CVE-2022-34818 entry concerns Jenkins Failed Job Deactivator Plugin (versions

4.3CVSS4.8AI score0.00553EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/30 5:49 p.m.25 views

CVE-2022-34818

Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs...

5.2AI score0.00553EPSS
Exploits0References1
CVE
CVE
added 2022/06/30 5:49 p.m.285 views

CVE-2022-34817

CVE-2022-34817 describes a CSRF vulnerability in the Jenkins Failed Job Deactivator Plugin, affecting version 1.2.1 and earlier. The vulnerability allows an attacker to disable jobs in Jenkins via a crafted request. The issue is noted across multiple sources (NVD entry for CVE-2022-34817 and PT S...

4.3CVSS4.9AI score0.00454EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.6 views

Jenkins Plugin Failed Job Deactivator 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Failed Job Deactivator Plugin...

4.3CVSS5.6AI score0.00553EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.6 views

Jenkins Plugin Failed Job Deactivator 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.JenJenkins Failed Job Deactivator Plugin...

4.3CVSS5.4AI score0.00454EPSS
Exploits0References5
Rows per page
Query Builder