
296 matches found

OSV
added 2022/05/18 12:00 a.m., 25 views

GHSA-HGPQ-42PF-9VFQ Cross Site Request Forgery in Jenkins Blue Ocean Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. Blue Ocean Plugin 1.25.4 requires POST requests and the appropriate permissions for the affected HTTP endpoints...

4.3 CVSS, 7.7 AI score, 0.00633 EPSS
Exploits 0, References 5

OSV
added 2022/05/17 3:15 p.m., 18 views

CVE-2022-30954

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

6.5 CVSS, 6.4 AI score
Exploits 0, References 2

CNNVD
added 2022/05/17 12:00 a.m., 2 views

Jenkins Blue Ocean Plugin Access Control Error Vulnerability

Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Blue Ocean 1.25.3 and earlier versions are vulnerable to an acces...

6.5 CVSS, 6.5 AI score, 0.00782 EPSS
Exploits 0, References 9

CNVD
added 2022/03/31 12:00 a.m., 20 views

Jenkins Bitbucket Server Integration Plugin Authorization Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins, an open source automation server, provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software. Jenkins Bitbucket Server...

5.5 CVSS, 1.9 AI score, 0.00642 EPSS
Exploits 0, References 1

CNVD
added 2022/03/31 12:00 a.m., 19 views

Jenkins Pipeline Phoenix AutoTest Plugin Access Control Error Vulnerability

Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. An access control error vulnerability exists in Jenkins Pipeline Phoenix AutoTest Plugin 1.3 and earlier, which stems from the plugin not performing permission check...

6.5 CVSS, 1.6 AI score, 0.00722 EPSS
Exploits 0, References 1

CNVD
added 2022/03/31 12:00 a.m., 20 views

Jenkins Job and Node ownership Plugin Authorization Issue Vulnerability

Jenkins is a Jenkins open source application. Jenkins, an open source automation server, provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Job and Node ownership Plugin 0.13.0 and earlier versions are vulnerable to an authorization issue that stems from...

4.3 CVSS, 1.6 AI score, 0.00714 EPSS
Exploits 0, References 1

CNVD
added 2022/03/31 12:00 a.m., 26 views

Jenkins Proxmox Plugin Licensing Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Proxmox Plugin 0.7.0 and earlier...

6.5 CVSS, 1.1 AI score, 0.0079 EPSS
Exploits 0, References 1

Github Security Blog
added 2022/03/30 12:00 a.m., 25 views

Missing permission checks in Jenkins Bitbucket Server Integration Plugin

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...

5.5 CVSS, 2.4 AI score, 0.00642 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2022/03/30 12:00 a.m., 22 views

GHSA-R5R6-V8QH-PMPQ Missing permission checks in Jenkins Bitbucket Server Integration Plugin

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...

5.4 CVSS, 5.6 AI score, 0.00642 EPSS
Exploits 0, References 4

Github Security Blog
added 2022/03/30 12:00 a.m., 26 views

Missing permission checks in Jenkins Proxmox Plugin

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for...

6.5 CVSS, 6.4 AI score, 0.0079 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2022/03/30 12:00 a.m., 18 views

GHSA-2MGJ-MWVF-MPG5 Missing permission checks in Jenkins Proxmox Plugin

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for...

6.5 CVSS, 6.8 AI score, 0.0079 EPSS
Exploits 0, References 3

OSV
added 2022/03/30 12:00 a.m., 18 views

GHSA-85F9-W9CX-H363 Cross site request forgery in Jenkins Job and Node ownership Plugin

Job and Node ownership Plugin 0.13.0 and earlier does not perform a permission check in several HTTP endpoints. This allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. Additionally, this endpoint does not require POST requests, resulting in a...

8.8 CVSS, 8.6 AI score, 0.00689 EPSS
Exploits 0, References 4

NVD
added 2022/03/29 1:15 p.m., 17 views

CVE-2022-28144

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for...

6.5 CVSS, 0.0079 EPSS
Exploits 0, References 2

OSV
added 2022/03/29 1:15 p.m., 20 views

CVE-2022-28144

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for...

6.5 CVSS, 7.5 AI score
Exploits 0, References 2

Prion
added 2022/03/29 1:15 p.m., 13 views

Design/Logic Flaw

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...

5.5 CVSS, 5.3 AI score, 0.00642 EPSS
Exploits 0, References 2, Affected Software 1

Prion
added 2022/03/29 1:15 p.m., 19 views

Default credentials

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for...

4 CVSS, 6.5 AI score, 0.0079 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2022/03/29 12:31 p.m., 22 views

CVE-2022-28144

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for...

7.2 AI score, 0.0079 EPSS
Exploits 0, References 2

AlpineLinux
added 2022/03/29 12:30 p.m., 63 views

CVE-2022-28134

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...

5.5 CVSS, 2.7 AI score, 0.00642 EPSS
Exploits 0, References 2

CVE
added 2022/03/29 12:30 p.m., 136 views

CVE-2022-28134

The data shows CVE-2022-28134 affects Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier, where multiple HTTP endpoints do not perform permission checks, allowing attackers with Overall/Read to create, view, and delete Bitbucket Server consumers. The issue is confirmed by multiple sour...

5.5 CVSS, 5.2 AI score, 0.00642 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2022/03/29 12:30 p.m., 20 views

CVE-2022-28134

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...

6 AI score, 0.00642 EPSS
Exploits 0, References 2