
15 matches found

NVD
added 2026/06/24 2:17 p.m. | 8 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3 | EPSS 0.0017
Exploits: 0 | References: 1

Cvelist
added 2026/06/24 1:20 p.m. | 31 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

EPSS 0.0017
Exploits: 0 | References: 1

EUVD
added 2026/06/24 1:20 p.m. | 6 views

EUVD-2026-38774

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3 | AI score 5.9 | EPSS 0.0017
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/24 1:20 p.m. | 7 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3 | AI score 5.9 | EPSS 0.0017
Exploits: 0 | References: 2

Atlassian
added 2024/01/02 1:22 a.m. | 22 views

When anonymously accessed, the "Related Labels" section show labels that are tagged on pages in non-anonymous spaces.

h3. Issue Summary When anonymously accessed, the "Related Labels" section shows labels that are tagged on pages in non-anonymous spaces. This is reproducible on the Data Center: yes Pre-condition: 1. Page accessible anonymously has been labelled - e.g. label1 and label2. 2. Page that is not...

AI score 7
Exploits: 0

Github Security Blog
added 2023/11/29 3:30 p.m. | 24 views

Jenkins Google Compute Engine Plugin has incorrect permission checks

Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier does not correctly perform permission checks in multiple HTTP endpoints. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to do the following: - Enumerate...

CVSS 2.7 | AI score 6.4 | EPSS 0.00531
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/09/08 9:15 a.m. | 5 views

CVE-2023-4777

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins and to connect to an...

CVSS 4.3 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 1

OSV
added 2022/05/24 5:48 p.m. | 3 views

GHSA-3M3F-2323-64M7 Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an...

CVSS 6.5 | AI score 5.8 | EPSS 0.01082
Exploits: 0 | References: 5

RedHat Linux
added 2021/06/01 4:12 a.m. | 3 views

jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVSS 6.5 | AI score 6.7 | EPSS 0.01082
Exploits: 0 | References: 5

Atlassian
added 2018/10/23 8:19 a.m. | 116 views

JIRA Anonymous User Able To Search Creator Name In JQL Search When Key In Full User Name Even When Browse User Permission Doesn't Allow Anyone

h3. Summary JIRA Anonymous User Is Able To Search For Creator Name Via JQL Search Screen|http://localhost:8080/issues/?jql= By Insert Full User Name Even When Browse User Global Permission Doesn't Allow "Anyone". This is definitely not an expected behavior if "Browse User" wasn't set to anyone...

Exploits: 0 | Affected Software: 1

Atlassian
added 2017/10/17 2:8 p.m. | 26 views

Contributors Summary Macro Shows Data to Anonymous Users

h2. Steps to reproduce In Global Permission, ensure Anonymous users "Can Use" Confluence Create new Space , eg: SpaceA Go To Space Tools Permissions Edit Permission Ensure Anonymous Users has "View" Permission Create a few test pages in SpaceA Then, create a page containing both Contributors Macr...

AI score 4
Exploits: 0

Atlassian
added 2017/10/17 2:8 p.m. | 32 views

Contributors Summary Macro Shows Data to Anonymous Users

h2. Steps to reproduce In Global Permission, ensure Anonymous users "Can Use" Confluence Create new Space , eg: SpaceA Go To Space Tools Permissions Edit Permission Ensure Anonymous Users has "View" Permission Create a few test pages in SpaceA Then, create a page containing both Contributors Macr...

AI score 6.8
Exploits: 0 | Affected Software: 1

Atlassian
added 2013/09/16 1:47 p.m. | 19 views

OAuth Administration screen is visible to anonymous users

If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...

AI score 2.5
Exploits: 0 | Affected Software: 1

Atlassian
added 2013/09/16 1:47 p.m. | 23 views

OAuth Administration screen is visible to anonymous users

If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...

AI score 2.5
Exploits: 0

Atlassian
added 2013/07/02 12:16 p.m. | 20 views

Elevation of global permission from Administrator to System administrator

With "Administrator" permission I go to the global permissions page http://:7990/admin/permissions. 1. Type in the name of another user without any global permissions. 2. Select "System Administrator" as permission. 3. Press save. Expected result: Stash would deny me creating a "System...

AI score 0.2
Exploits: 0 | Affected Software: 1