5 matches found
PT-2022-27496 · Jenkins · Jenkins Delete Log Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Delete log Plugin versions 1.0 and earlier Description: A missing permission check in the Jenkins Delete log Plugin allows attackers with Item/Read permission to delete build logs. There is no information about real-world incidents...
CVE-2022-36890
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CloudBees Jenkins Role-based Authorization Strategy Plugin Improper Privileges Vulnerability
Jenkins Role-based Authorization Strategy is an open source plugin for Jenkins. The plugin is used to add a new role-based mechanism to manage user rights. An improper privileges vulnerability exists in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier versions. An...
PT-2021-14669 · Jenkins · Jenkins Warnings Next Generation Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Next Generation Plugin versions 8.4.4 and earlier Description: The issue allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns mat...
Jenkins Role-based Authorization Strategy Permissions, Privileges, and Access Controls Vulnerability
Jenkins Role-based Authorization Strategy is an open source plugin for Jenkins. The plugin is used to add a new role-based mechanism to manage user rights. An improper privileges vulnerability exists in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier versions. An...