65 matches found
CVE-2019-10441
CVE-2019-10441 describes a CSRF in the Jenkins iceScrum Plugin (versions up to 1.1.5) that allowed an attacker to connect to an attacker‑specified URL using attacker‑specified credentials. The issue affects Jenkins iceScrum Plugin ≤ 1.1.5 and is mitigated by upgrading to version 1.1.6, per multip...
CVE-2019-10441
A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...
PT-2019-11835 · Jenkins · Jenkins Icescrum Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins iceScrum Plugin versions 1.1.5 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Recommendations: For Jenkins iceScrum Plugin...
PT-2019-11836 · Jenkins · Jenkins Icescrum Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins iceScrum Plugin versions 1.1.5 and earlier Description: A missing permission check in the Jenkins iceScrum Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...
PT-2019-11837 · Jenkins · Jenkins Icescrum Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins iceScrum Plugin version 1.1.4 and earlier Description: The issue allows stored credentials to be stored unencrypted in job config.xml files on the Jenkins master. These credentials could be viewed by users with Extended Read permissio...