168 matches found

Github Security Blog
added 2022/05/14 1:39 a.m., 16 views

CSRF vulnerability in Config File Provider Plugin

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...

CVSS 8.1 | AI score 6.9 | EPSS 0.00072
Exploits 0 | References 5 | Affected Software 1
OSV
added 2022/05/14 1:39 a.m., 16 views

GHSA-R5M8-5MWX-CMJ8 CSRF vulnerability in Config File Provider Plugin

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...

CVSS 8.1 | AI score 8 | EPSS 0.00072
Exploits 0 | References 4
Github Security Blog
added 2022/05/13 1:40 a.m., 13 views

Improper Privilege Management in Jenkins Config File Provider Plugin

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

CVSS 6.5 | AI score 6.6 | EPSS 0.0003
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/05/13 1:40 a.m., 19 views

GHSA-6H72-M3XW-FP3C Improper Privilege Management in Jenkins Config File Provider Plugin

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

CVSS 6.5 | AI score 6.4 | EPSS 0.0003
Exploits 0 | References 2
Github Security Blog
added 2022/05/13 1:31 a.m., 24 views

Jenkins Config File Provider Plugin XSS vulnerability

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVSS 4.8 | AI score 6.6 | EPSS 0.00064
Exploits 0 | References 6 | Affected Software 1
OSV
added 2022/05/13 1:31 a.m., 21 views

GHSA-PMC5-74W3-78MW Jenkins Config File Provider Plugin XSS vulnerability

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVSS 4.8 | AI score 5.2 | EPSS 0.00064
Exploits 0 | References 6
Apple
added 2021/10/25 12:00 a.m., 44 views

About the security content of iOS 15.1 and iPadOS 15.1

This document describes the security content of iOS 15.1 and iPadOS 15.1. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

CVSS 9.3 | AI score 8.8 | EPSS 0.01217
Exploits 0 | References 1 | Affected Software 2
RedhatCVE
added 2021/08/08 11:20 a.m., 115 views

CVE-2021-21644

A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID...

CVSS 6.3 | AI score 2.5 | EPSS 0.00125
Exploits 0 | References 3
RedHat Linux
added 2021/07/02 12:20 a.m., 3 views

jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints; as a consequence, an attacker with Overall/Read permission is allowed to enumerate configuration file IDs...

CVSS 4.3 | AI score 6 | EPSS 0.00118
Exploits 0 | References 4
RedHat Linux
added 2021/07/02 12:20 a.m., 5 views

jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID...

CVSS 5.8 | AI score 6.2 | EPSS 0.00125
Exploits 0 | References 4
RedHat Linux
added 2021/07/02 12:20 a.m., 3 views

jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.

A flaw was found in the config-file-provider Jenkins plugin. The plugin's XML parser wasn't configured to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...

CVSS 8.1 | AI score 7.2 | EPSS 0.00298
Exploits 0 | References 5
RedHat Linux
added 2021/07/02 12:20 a.m., 3 views

jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints; as a consequence, an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVSS 6.5 | AI score 6.7 | EPSS 0.00832
Exploits 0 | References 5
RedHat Linux
added 2021/06/30 3:47 p.m., 2 views

jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints; as a consequence, an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVSS 6.5 | AI score 6.7 | EPSS 0.00832
Exploits 0 | References 5
RedHat Linux
added 2021/06/30 3:47 p.m., 3 views

jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.

A flaw was found in the config-file-provider Jenkins plugin. The plugin's XML parser wasn't configured to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...

CVSS 8.1 | AI score 7.2 | EPSS 0.00298
Exploits 0 | References 5
RedHat Linux
added 2021/06/30 3:47 p.m., 0 views

jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints; as a consequence, an attacker with Overall/Read permission is allowed to enumerate configuration file IDs...

CVSS 4.3 | AI score 6 | EPSS 0.00118
Exploits 0 | References 4
RedHat Linux
added 2021/06/30 3:47 p.m., 4 views

jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID...

CVSS 5.8 | AI score 6.2 | EPSS 0.00125
Exploits 0 | References 4
RedHat Linux
added 2021/06/22 7:58 a.m., 1 view

jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.

A flaw was found in the config-file-provider Jenkins plugin. The plugin's XML parser wasn't configured to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...

CVSS 8.1 | AI score 7.2 | EPSS 0.00298
Exploits 0 | References 5
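The XXE entries above (the same RedHat advisory indexed three times) describe a Maven settings parser that resolved external entities declared by whoever could define a configuration file. The program below is an added illustration written for this page, not code from the plugin or from Jenkins core: it builds a constructed settings.xml whose DOCTYPE declares an entity that reads a temp file the program itself creates (standing in for a secret on the controller), parses it once with a default DocumentBuilderFactory and once with a hardened one, and shows that the hardened parser rejects the DOCTYPE before any entity can be resolved. The class and method names are hypothetical; it needs Java 11 or later.

```java
import java.io.IOException;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/** Added illustration of the XXE flaw class; hypothetical class, not plugin code. */
public class MavenSettingsXxeDemo {

    /** Constructed attacker payload: a settings.xml whose DOCTYPE reads a local file
     *  into the <password> element, where the plugin would later use it. */
    static String craftedSettings(String fileUri) {
        return "<?xml version=\"1.0\"?>\n"
             + "<!DOCTYPE settings [ <!ENTITY xxe SYSTEM \"" + fileUri + "\"> ]>\n"
             + "<settings><servers><server>\n"
             + "  <id>nexus</id><password>&xxe;</password>\n"
             + "</server></servers></settings>";
    }

    /** Vulnerable shape: the JDK default factory resolves external entities. */
    static DocumentBuilder lenientBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    /** Hardened shape: refuse any DOCTYPE outright, then also switch off every other
     *  entity, external-DTD and XInclude path in case a different JAXP implementation
     *  does not honour the first feature. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Returns the first <password> text, i.e. what a malicious config file exfiltrates. */
    static String readPassword(DocumentBuilder builder, String xml)
            throws SAXException, IOException {
        Document doc = builder.parse(new InputSource(new StringReader(xml)));
        return doc.getElementsByTagName("password").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed "secret" on local disk; the payload points its entity at this file.
        Path secret = Files.createTempFile("xxe-demo", ".txt");
        Files.writeString(secret, "agent-token-1234");
        String xml = craftedSettings(secret.toUri().toString());

        // Lenient parse: the entity expands to the file contents.
        String leaked = readPassword(lenientBuilder(), xml);
        System.out.println("lenient parser: <password> became \"" + leaked + "\"");

        // Hardened parse: the DOCTYPE itself is a fatal error, so nothing is fetched.
        try {
            readPassword(hardenedBuilder(), xml);
            System.out.println("hardened parser: accepted the document (unexpected)");
        } catch (SAXException e) {
            System.out.println("hardened parser: rejected it, " + e.getMessage());
        }
        Files.deleteIfExists(secret);
    }
}
```

Disallowing the DOCTYPE is the single setting that closes the whole class; the remaining features only matter when a parser that ignores that feature is on the classpath. Jenkins core also ships a helper, jenkins.util.xml.XMLUtils, with equivalent restrictions baked in, and a plugin should normally use it rather than configuring JAXP by hand.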
RedHat Linux
added 2021/06/22 7:58 a.m., 1 view

jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID...

CVSS 5.8 | AI score 6.2 | EPSS 0.00125
Exploits 0 | References 4
RedHat Linux
added 2021/06/22 7:58 a.m., 1 view

jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints; as a consequence, an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVSS 6.5 | AI score 6.7 | EPSS 0.00832
Exploits 0 | References 5
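Two of the endpoint flaws listed above share one root cause in how Jenkins plugins expose web methods: a state-changing `doXxx` method reachable by GET (the CSRF entries, where any page the victim loads can delete a file by ID) and a `doXxx` method that never calls checkPermission (the Overall/Read and Job/Configure entries). The class below is an added, hypothetical Stapler root action written for this page, not the plugin's own classes, URLs or fix; the in-memory map stands in for the plugin's store of file definitions. It shows the vulnerable shape of each endpoint next to the hardened one, using the real Jenkins/Stapler annotations and permission API.

```java
import hudson.Extension;
import hudson.model.RootAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

/**
 * Hypothetical root action added to illustrate the endpoint mistakes in the advisories
 * above; not the plugin's code. Stapler binds it at <jenkins-root>/config-files-demo/
 * and maps doRemove() to .../remove, doShow() to .../show, and so on.
 */
@Extension
public class ConfigFilesDemoAction implements RootAction {

    // Stand-in for the plugin's configuration-file store (file ID -> content).
    private final Map<String, String> files = new ConcurrentHashMap<>(
            Map.of("maven-settings", "<settings><!-- credentials here --></settings>"));

    // ---- the shapes the advisories describe ----

    // Answers GET, so <img src="/config-files-demo/removeUnsafe?id=maven-settings">
    // on any page an admin visits deletes the file, and nobody's permission is checked.
    public HttpResponse doRemoveUnsafe(@QueryParameter String id) {
        if (id != null) {
            files.remove(id);
        }
        return HttpResponses.ok();
    }

    // Anyone who can reach the controller (Overall/Read) reads any file, secrets included.
    public HttpResponse doShowUnsafe(@QueryParameter String id) {
        String content = id == null ? null : files.get(id);
        return HttpResponses.text(content == null ? "" : content);
    }

    // ---- hardened versions ----

    // @RequirePOST makes Stapler reject GET and, with CSRF protection enabled, demand a
    // valid crumb. checkPermission throws AccessDeniedException for anyone who is not
    // an administrator, before the state change happens.
    @RequirePOST
    public HttpResponse doRemove(@QueryParameter(required = true) String id) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        files.remove(id);
        return HttpResponses.ok();
    }

    // Reads need no POST, but do need a permission stronger than Overall/Read because
    // the content is effectively a credential.
    public HttpResponse doShow(@QueryParameter(required = true) String id) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        String content = files.get(id);
        return content == null ? HttpResponses.notFound() : HttpResponses.text(content);
    }

    // RootAction plumbing; a null icon keeps the action out of the sidebar.
    @Override public String getIconFileName() { return null; }
    @Override public String getDisplayName() { return "Config files demo"; }
    @Override public String getUrlName() { return "config-files-demo"; }
}
```

A quick check for either defect in a plugin you maintain: grep every public `do*` method for `@RequirePOST` (or `@POST`) on anything that writes, and for a `checkPermission` call on anything that reads data more sensitive than the page it is rendered on. The Job/Configure entry above is the subtler case: the check existed but used a global permission where an item-scoped one, evaluated against the specific job, was needed.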
Prion
added 2021/06/11 3:15 p.m., 17 views

Information disclosure

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P (9.0) and below, and 12.2.0.9 in Android Q (10.0) and above, allows an attacker to access contacts and file provider using the SettingWebView component...

CVSS 2.1 | AI score 4.1 | EPSS 0.00065
Exploits 0 | References 1 | Affected Software 1