Lucene search
K

613 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:18 p.m.6 views

CVE-2022-36893

Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...

4.3CVSS5.9AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.22 views

CVE-2022-36890

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS6.6AI score0.00995EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:57 p.m.6 views

CVE-2022-43713

Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...

7.5CVSS6.8AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:7 p.m.8 views

CVE-2020-2206

Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...

6.1CVSS5.8AI score0.00871EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.11 views

CVE-2020-2244

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...

5.4CVSS5.7AI score0.00753EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.25 views

CVE-2019-10300

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfigdoTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

8CVSS6.2AI score0.01355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 a.m.8 views

CVE-2019-1003090

A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 a.m.11 views

CVE-2019-1003086

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:1 a.m.8 views

CVE-2019-1003076

A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.7 views

CVE-2019-10311

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptordoTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

8.8CVSS6.4AI score0.01832EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:12 a.m.13 views

CVE-2019-1003083

A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfigdoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:7 a.m.6 views

CVE-2015-9443

The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=AccuDataWP...

6.5CVSS6.1AI score0.00846EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/03/04 2:40 p.m.5 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3CVSS5.8AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/03/04 2:39 p.m.10 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3CVSS5.8AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/03/04 2:38 p.m.6 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3CVSS5.8AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/03/04 2:20 p.m.7 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3CVSS5.8AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/03/04 2:19 p.m.3 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3CVSS5.8AI score0.0036EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/11/18 8:21 a.m.15 views

CVE-2024-52549

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check. Mitigation Mitigation f...

4.3CVSS6.2AI score0.0036EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/11/13 9:30 p.m.17 views

Missing permission check in Jenkins Script Security Plugin

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the...

4.3CVSS6.8AI score0.0036EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2024/11/13 8:53 p.m.3 views

CVE-2024-52549

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the...

4.3CVSS6.9AI score0.0036EPSS
Exploits0References1
Rows per page
Query Builder