296 matches found
PT-2022-18832 · Jenkins · Jenkins Bitbucket Server Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Server Integration Plugin versions 3.1.0 and earlier Description: The issue allows attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers due to a lack of permission checks in several...
Spring Boot Actuator Logview < 0.2.13 Directory Traversal
Spring Boot Actuator Logview is a library that adds a simple logfile viewer as Spring Boot Actuator endpoint. In Spring Boot Actuator Logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin Spring Boot...
GHSA-3RJ3-QP2J-4FJ2 Cross-Site Request Forgery in Jenkins P4 Plugin
A cross-site request forgery CSRF vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. Jenkins P4 Plugin 1.11.5 requires POST requests for the affected HTTP endpoints...
Cross-Site Request Forgery in Jenkins P4 Plugin
A cross-site request forgery CSRF vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. Jenkins P4 Plugin 1.11.5 requires POST requests for the affected HTTP endpoints...
GHSA-23X5-J68G-6JPW Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs
kubernetes-cd Plugin 2.3.1 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs
kubernetes-cd Plugin 2.3.1 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
Jenkins Conjur Secrets Plugin授权问题漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Conjur Secrets Plugin 1.0.11 and earlier versions are vulnerable to an authorization issue that stems from not...
CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials
Checkmarx Plugin 2022.1.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stor...
GHSA-WWF6-X2RV-VXQH Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials
Checkmarx Plugin 2022.1.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stor...
Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials
Checkmarx Plugin 2022.1.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stor...
GHSA-9WXH-JJJ5-67CV Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
CVE-2021-41532
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints...
pocsuite3
This is a PoC exploit for CVE-2021-NNNN, an exploit module/toolkit targeting a vulnerability in a specific product/service or framework. The target product/service or framework is not explicitly stated, but based on the code and metadata, it appears to be a web application vulnerability. The...
jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...
jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs...
jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs...
jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...
GHSA-XRG9-WWRQ-XMX9 Missing Authorization in Jenkins Kubernetes CLI Plugin
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Missing Authorization in Jenkins Kubernetes CLI Plugin
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...