296 matches found
CVE-2021-21643
CVE-2021-21643 affects Jenkins Config File Provider Plugin (version 3.7.0 and earlier). The vulnerability arises because the plugin does not correctly perform permission checks on several HTTP endpoints, allowing attackers who have global Job/Configure permission to enumerate system-scoped creden...
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...
Design/Logic Flaw
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances...
Directory Traversal
spring-boot-actuator-logview is vulnerable to directory traversal. The vulnerability exists through the base folder parameter exposed in the log file directory through admin HTTP endpoints...
h1-ctf: [ Hacky Holidays CTF ] Completely taken down the Grinch Networks
Day 1 - Robot flag: We're presented with a sample UI page without any function, so I guessed content discovery is the best way to find the flag. robots.txt came to my mind and I found the flag. https://hackyholidays.h1ctf.com/robots.txt Response: User-agent: Disallow: /s3cr3t-ar3a Flag:...
CVE-2020-2322
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks...
CVE-2020-2322
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks...
CVE-2020-2322
Affected software: Jenkins Chaos Monkey Plugin (versions 0.3 and earlier). Root cause: several HTTP endpoints do not perform permission checks. Impact: enables attackers with Overall/Read permission to generate load and memory leaks. Evidence: CVE-2020-2322 and connected advisories describe t...
CVE-2020-2322
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks...
Cloudbees Jenkins Authorization Issue Vulnerability
Cloudbees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A security vulnerability exists in...
Cloudbees Jenkins Authorization Issue Vulnerability
Cloudbees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. CVS Plugin is used in one of the CVS versi...
Privilege Escalation
jenkins-2-plugins/blueocean is vulnerable to privilege escalation. The vulnerability exists as the Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests...
CVE-2020-2294
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin...
CVE-2020-2294
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin...
Design/Logic Flaw
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin...
CVE-2020-2294
CVE-2020-2294 affects Jenkins Maven Cascade Release Plugin (versions 1.3.2 and earlier). The root cause is missing permission checks on several HTTP endpoints, enabling users with Overall/Read to start cascade builds, layout builds, and reconfigure the plugin. Reported impact per sources includes...
CVE-2020-2196
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
CVE-2020-2196
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
Cross-Site Request Forgery (CSRF)
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...