
112 matches found

Tenable Nessus
added 2023/07/21 12:0 a.m. | 28 views

Oracle Application Testing Suite (Jul 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apach...

CVSS 9.8 | AI score 7.2 | EPSS 0.339
Exploits: 4 | References: 5

Tenable Nessus
added 2023/04/20 12:0 a.m. | 36 views

Oracle Application Testing Suite (Apr 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...

CVSS 7.5 | AI score 6.8 | EPSS 0.00413
Exploits: 0 | References: 5

OSV
added 2023/04/02 9:30 p.m. | 17 views

GHSA-MJG3-2V66-P34J Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration

OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...

CVSS 4.3 | AI score 4.6 | EPSS 0.00529
Exploits: 0 | References: 3

OSV
added 2023/04/02 9:30 p.m. | 14 views

GHSA-WQ3W-3RXH-VCXX Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery

OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier does not require POST requests for a connection test HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | AI score 4.8 | EPSS 0.00091
Exploits: 0 | References: 2

OSV
added 2023/04/02 9:30 p.m. | 21 views

GHSA-J9H4-P6P7-8652 Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture

OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 6.5 | AI score 6.5 | EPSS 0.00555
Exploits: 0 | References: 2

Github Security Blog
added 2023/04/02 9:30 p.m. | 26 views

Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery

OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to a previously configured Octoperf server using attacker-specified credentials. Additionally, these endpoints do not...

CVSS 8.8 | AI score 8.2 | EPSS 0.00098
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/04/02 9:30 p.m. | 14 views

GHSA-X263-HP5C-P2RJ Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery

OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to a previously configured Octoperf server using attacker-specified credentials. Additionally, these endpoints do not...

CVSS 4.3 | AI score 8.7 | EPSS 0.00098
Exploits: 0 | References: 2

Github Security Blog
added 2023/04/02 9:30 p.m. | 25 views

Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery

OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier does not require POST requests for a connection test HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | AI score 5.3 | EPSS 0.00091
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2023/04/02 9:30 p.m. | 18 views

Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture

OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 6.5 | AI score 6.5 | EPSS 0.00555
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2023/04/02 9:30 p.m. | 24 views

Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration

OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...

CVSS 4.3 | AI score 5.2 | EPSS 0.00529
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2023/04/02 9:30 p.m. | 18 views

Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to a previously configured Octoperf server using attacker-specified credentials. Additionally, these endpoints ...

CVSS 4.3 | AI score 5.3 | EPSS 0.00529
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2023/04/02 9:15 p.m. | 12 views

CVE-2023-28674

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

CVSS 8.8 | AI score 8.7 | EPSS 0.00098
Exploits: 0 | References: 1

NVD
added 2023/04/02 9:15 p.m. | 12 views

CVE-2023-28675

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

CVSS 4.3 | AI score 4.8 | EPSS 0.00529
Exploits: 0 | References: 1

NVD
added 2023/04/02 9:15 p.m. | 11 views

CVE-2023-28673

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3 | AI score 4.8 | EPSS 0.00529
Exploits: 0 | References: 1

NVD
added 2023/04/02 9:15 p.m. | 14 views

CVE-2023-28672

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 6.5 | AI score 6.6 | EPSS 0.00555
Exploits: 0 | References: 1

OSV
added 2023/04/02 9:15 p.m. | 1 views

CVE-2023-28673

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3 | AI score 5.8 | EPSS 0.00529
Exploits: 0 | References: 1

Prion
added 2023/04/02 9:15 p.m. | 15 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4.3 | AI score 4.5 | EPSS 0.00091
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/04/02 9:15 p.m. | 14 views

Design/Logic Flaw

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

CVSS 4 | AI score 4.4 | EPSS 0.00529
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/04/02 9:15 p.m. | 12 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

CVSS 6.8 | AI score 8.6 | EPSS 0.00098
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/04/02 9:15 p.m. | 11 views

Information disclosure

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4 | AI score 4.4 | EPSS 0.00529
Exploits: 0 | References: 1 | Affected Software: 1