296 matches found

NVD
added 2021/06/10 3:15 p.m. | 17 views

CVE-2021-21661

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3 | EPSS 0.0164
Exploits: 0 | References: 2

Cvelist
added 2021/06/10 2:25 p.m. | 17 views

CVE-2021-21661

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

AI score 5.2 | EPSS 0.0164
Exploits: 0 | References: 2

Veracode
added 2021/06/08 12:38 p.m. | 32 views

Information Disclosure

Jenkins Config File Provider Plugin is vulnerable to information disclosure. It does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs. A flaw was found in the config-file-provider Jenkins plugin. The plugin does no...

CVSS 4.3 | AI score 0.2 | EPSS 0.00887
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2021/06/08 12:38 p.m. | 23 views

Information Disclosure

jenkins-2-plugins is vulnerable to information disclosure. The vulnerability exists due to insecure permission checks in several HTTP endpoints...

CVSS 6.5 | AI score 0.5 | EPSS 0.01082
Exploits: 0 | References: 5 | Affected Software: 1

CNVD
added 2021/05/12 12:0 a.m. | 6 views

CloudBees Jenkins Xray - Test Management for Jira Plugin Authorization Issues Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run some scheduled tasks. A vulnerability exists in...

CVSS 4.3 | AI score 6.4 | EPSS 0.00865
Exploits: 0 | References: 1

CNVD
added 2021/05/12 12:0 a.m. | 9 views

CloudBees Jenkins P4 Plugin Access Control Error Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run some scheduled tasks. An Access Control Error...

CVSS 4.3 | AI score 6.7 | EPSS 0.01301
Exploits: 0 | References: 1

NVD
added 2021/05/11 3:15 p.m. | 13 views

CVE-2021-21650

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled...

CVSS 4.3 | EPSS 0.00712
Exploits: 0 | References: 1

CVE
added 2021/05/11 2:15 p.m. | 88 views

CVE-2021-21654

CVE-2021-21654 affects Jenkins P4 Plugin (versions 1.11.4 and earlier). The vulnerability arises from missing permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read to connect to an attacker-specified Perforce server using attacker-controlled username and password. Imp...

CVSS 4.3 | AI score 4.8 | EPSS 0.01301
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/05/11 2:15 p.m. | 16 views

CVE-2021-21650

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled...

AI score 5 | EPSS 0.00712
Exploits: 0 | References: 1

CNVD
added 2021/04/23 12:0 a.m. | 8 views

CloudBees Jenkins Config File Provider Plugin Privilege Checking Vulnerability (CNVD-2021-31659)

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run some scheduled tasks. Config File Provider Plugin is used in one of...

CVSS 4.3 | AI score 6.3 | EPSS 0.00887
Exploits: 0 | References: 1

CNVD
added 2021/04/23 12:0 a.m. | 8 views

CloudBees Jenkins Config File Provider Plugin Privilege Check Vulnerability

CloudBees Jenkins, formerly known as Hudson Labs, is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and to run some scheduled tasks. Config File Provider Plugin is...

CVSS 6.5 | AI score 6.2 | EPSS 0.01082
Exploits: 0 | References: 1

NVD
added 2021/04/21 3:15 p.m. | 23 views

CVE-2021-21643

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVSS 6.5 | EPSS 0.01082
Exploits: 0 | References: 2

NVD
added 2021/04/21 3:15 p.m. | 18 views

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs...

CVSS 4.3 | EPSS 0.00887
Exploits: 0 | References: 2

OSV
added 2021/04/21 3:15 p.m. | 28 views

CVE-2021-21643

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVSS 6.5 | AI score 6.2
Exploits: 0 | References: 2

OSV
added 2021/04/21 3:15 p.m. | 21 views

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs...

CVSS 4.3 | AI score 6.4
Exploits: 0 | References: 2

Prion
added 2021/04/21 3:15 p.m. | 25 views

Design/Logic Flaw

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVSS 4 | AI score 6.5 | EPSS 0.01082
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2021/04/21 3:15 p.m. | 27 views

Design/Logic Flaw

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs...

CVSS 4 | AI score 5.2 | EPSS 0.00887
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/04/21 2:20 p.m. | 17 views

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs...

AI score 5.7 | EPSS 0.00887
Exploits: 0 | References: 2

CVE
added 2021/04/21 2:20 p.m. | 177 views

CVE-2021-21645

CVE-2021-21645 affects Jenkins with the Config File Provider Plugin 3.7.0 and earlier. The root cause is missing permission checks in several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate configuration file IDs. This aligns with related advisories (GHSA-2959-FJ73-HM...

CVSS 4.3 | AI score 4.6 | EPSS 0.00887
Exploits: 0 | References: 2 | Affected Software: 1

AlpineLinux
added 2021/04/21 2:20 p.m. | 36 views

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs...

CVSS 4.3 | AI score 1.4 | EPSS 0.00887
Exploits: 0 | References: 2