11633 matches found
Security Bulletin: Potential denial of service may affect IBM HTTP Server on Windows (CVE-2015-1829), impacting Asset and Service Management
Summary There is a potential denial of service that may affect IBM HTTP Server on Windows CVE-2015-1829. To exploit the attack requires local access to the server system. The attack affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for...
Security Bulletin: Vulnerability in SSLv3 affects TRIRIGA for Energy Optimization (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in TRIRIGA for Energy Optimization previously known as Intelligent Building Management. Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION :...
Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials
SCM HttpClient Plugin 1.5 and earlier does not perform permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery
SCM HttpClient Plugin 1.5 and earlier does not perform permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
GHSA-Q9J5-2MJX-8X28 Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials
SCM HttpClient Plugin 1.5 and earlier does not perform permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
GHSA-6CVR-RVPM-9WX4 Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery
SCM HttpClient Plugin 1.5 and earlier does not perform permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
Unified Remote Auth Bypass to RCE
This module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for...
CVE-2022-41253
A cross-site request forgery CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41249
A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41250
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41254
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41254
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41254
CVE-2022-41254 is confirmed in the connected records as a vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier where there are missing permission checks that allow attackers with Overall/Read permissions to connect to an attacker-specified HTTP server using attacker-specified credentials IDs...
CVE-2022-41253
A cross-site request forgery CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41250
CVE-2022-41250 : The Jenkins SCM HttpClient Plugin 1.5 and earlier contains a missing permission check in a function handling credential access, allowing attackers with Overall/Read to connect to an attacker‑specified HTTP server using attacker‑specified credentials IDs and to capture credentials...