Lucene search
K

296 matches found

OSV
OSV
added 2022/10/19 4:15 p.m.18 views

CVE-2022-43417

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

4.3CVSS4.5AI score
Exploits0References2
Prion
Prion
added 2022/10/19 4:15 p.m.20 views

Design/Logic Flaw

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

4CVSS4.5AI score0.00554EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/10/19 4:15 p.m.20 views

Design/Logic Flaw

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4CVSS4.5AI score0.00457EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/10/19 12:0 a.m.85 views

CVE-2022-43427

CVE-2022-43427 affects Jenkins with the Compuware Topaz for Total Test Plugin 2.4.8 and earlier . The root issue is that several HTTP endpoints do not perform proper permission checks, allowing attackers with Overall/Read to enumerate the credentials IDs stored in Jenkins. This is a credential di...

4.3CVSS4.5AI score0.00457EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.6 views

CVE-2022-43417

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

4.5AI score0.00554EPSS
Exploits0References2
OSV
OSV
added 2022/09/22 12:0 a.m.23 views

GHSA-4JFQ-4FQC-5J9C Jenkins Rundeck Plugin Missing Authorization vulnerability

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

4.3CVSS4.5AI score0.00516EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.20 views

Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs

CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS5.7AI score0.00544EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/09/22 12:0 a.m.49 views

GHSA-P37P-WG92-2FC4 Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs

CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS4.7AI score0.00544EPSS
Exploits0References4
OSV
OSV
added 2022/09/21 4:15 p.m.24 views

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

4.3CVSS4.3AI score
Exploits0References1
NVD
NVD
added 2022/09/21 4:15 p.m.25 views

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

4.3CVSS0.00516EPSS
Exploits0References1
Prion
Prion
added 2022/09/21 4:15 p.m.24 views

Design/Logic Flaw

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

4CVSS4.2AI score0.00516EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/21 3:45 p.m.25 views

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

5AI score0.00516EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2022/09/21 3:45 p.m.51 views

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

4.3CVSS2AI score0.00516EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2022/08/19 4:38 a.m.49 views

CVE-2022-30954

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

6.5CVSS2.3AI score0.00835EPSS
Exploits0References4
OSV
OSV
added 2022/07/28 12:0 a.m.28 views

GHSA-VPF7-Q2RX-26MH Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...

4.2CVSS6.5AI score0.00605EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/07/28 12:0 a.m.33 views

Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints

Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier does not require POST requests for several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow attackers to delete entries from job, agent, and system configuration histor...

4.3CVSS5.3AI score0.00362EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/28 12:0 a.m.53 views

Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...

6.5CVSS6.4AI score0.00605EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/07/28 12:0 a.m.22 views

GHSA-HXF7-9RV9-88V6 Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those...

4.3CVSS4.9AI score0.00569EPSS
Exploits0References4
OSV
OSV
added 2022/07/28 12:0 a.m.24 views

GHSA-M8W5-VWQ3-GP8F Lucene-Search Plugin does not perform permission checks in several HTTP endpoints

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...

4.3CVSS5.5AI score0.00434EPSS
Exploits0References4
OSV
OSV
added 2022/07/28 12:0 a.m.50 views

GHSA-75FC-FV3P-XH82 Jenkins Compuware Source Code Download is missing authorization

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...

4.3CVSS6.7AI score0.00605EPSS
Exploits0References5
Rows per page
Query Builder