
23 matches found

RedhatCVE
added 2025/10/30 2:13 p.m. | 5 views

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | AI score 6.7 | EPSS 0.0019
Exploits: 0 | References: 1
Github Security Blog
added 2025/10/29 3:31 p.m. | 10 views

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...

CVSS 4.3 | AI score 6.7 | EPSS 0.0019
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/10/29 3:31 p.m. | 7 views

EUVD-2025-36657

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...

CVSS 4.3 | AI score 6.3 | EPSS 0.0019
Exploits: 0 | References: 2
OSV
added 2025/10/29 3:31 p.m. | 4 views

GHSA-H83R-7F9F-MQJJ Jenkins Nexus Task Runner Plugin is missing a permission check

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...

CVSS 4.3 | AI score 6.7 | EPSS 0.00227
Exploits: 0 | References: 3
OSV
added 2025/10/29 2:15 p.m. | 7 views

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | AI score 5.7 | EPSS 0.0019
Exploits: 0 | References: 2
NVD
added 2025/10/29 2:15 p.m. | 8 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | EPSS 0.00227
Exploits: 0 | References: 2
CNNVD
added 2025/10/29 12:0 a.m. | 11 views

Jenkins Nexus Task Runner Plugin security vulnerability

Jenkins Nexus Task Runner Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Nexus Task Runner Plugin version 0.9.2 and earlier, which stems from vulnerability to a cross-site request forgery attack that could result in a connection to an attacker-specified UR...

CVSS 4.3 | AI score 6.5 | EPSS 0.0019
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/29 12:0 a.m. | 6 views

PT-2025-44290

Name of the Vulnerable Software and Affected Versions: Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Description: A cross-site request forgery (CSRF) issue exists in the Jenkins Nexus Task Runner Plugin. This allows attackers to connect to a URL specified by the attacker, using...

CVSS 4.3 | AI score 6.5 | EPSS 0.0019
Exploits: 0 | References: 7
Positive Technologies
added 2025/10/29 12:0 a.m. | 7 views

PT-2025-44291

Name of the Vulnerable Software and Affected Versions: Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Description: A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker, using credentials also specified by the attacker. T...

CVSS 4.3 | AI score 6.4 | EPSS 0.00227
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-3098

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.4 | EPSS 0.00447
Exploits: 0 | References: 6
RedhatCVE
added 2025/05/23 4:29 a.m. | 12 views

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...

CVSS 5.4 | AI score 6.6 | EPSS 0.0044
Exploits: 0
OSV
added 2023/12/13 6:31 p.m. | 24 views

GHSA-4G5F-W3MH-W99M Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

CVSS 4.2 | AI score 4.9 | EPSS 0.00485
Exploits: 0 | References: 6
Github Security Blog
added 2023/12/13 6:31 p.m. | 24 views

Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...

CVSS 8.8 | AI score 6.8 | EPSS 0.00447
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2023/12/13 6:15 p.m. | 26 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4.3 | EPSS 0.00485
Exploits: 0 | References: 2
NVD
added 2023/12/13 6:15 p.m. | 16 views

CVE-2023-50766

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

CVSS 8.8 | EPSS 0.00447
Exploits: 0 | References: 2
Prion
added 2023/12/13 6:15 p.m. | 19 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

CVSS 6.8 | AI score 7 | EPSS 0.00447
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/13 6:15 p.m. | 21 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.8 | AI score 6.8 | EPSS 0.00447
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/13 6:15 p.m. | 19 views

Design/Logic Flaw

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4 | AI score 6.7 | EPSS 0.00485
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/12/13 5:30 p.m. | 11 views

CVE-2023-50768

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 8.8 | EPSS 0.00447
Exploits: 0 | References: 2
AlpineLinux
added 2023/12/13 5:30 p.m. | 36 views

CVE-2023-50766

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

CVSS 8.8 | AI score 7.2 | EPSS 0.00447
Exploits: 0 | References: 2