
13 matches found

Veracode
added 2025/12/13 5:21 a.m., 4 views

Cross-site Request Forgery

Jenkins Nexus Task Runner Plugin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protection on sensitive plugin endpoints, where crafted requests can trigger actions without user interaction, allowing attackers to force an authenticated Jenkins user to...

CVSS 4.3, AI score 6.7, EPSS 0.0002
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2025/12/13 4:57 a.m., 4 views

Authorization Bypass

Jenkins Nexus Task Runner Plugin is vulnerable to an Authorization Bypass. The vulnerability is due to a missing permission check, allowing attackers with only Overall/Read permission to force the plugin to connect to an attacker-controlled URL using attacker-supplied credentials, potentially...

CVSS 4.3, AI score 6.8, EPSS 0.00026
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2025/10/30 2:13 p.m., 1 view

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3, AI score 6.6, EPSS 0.00026
Exploits: 0, References: 1
Snyk
added 2025/10/29 3:31 p.m., 4 views

Cross-site Request Forgery (CSRF)

Overview: org.jenkins-ci.plugins:nexus-task-runner is a plugin that executes Sonatype Nexus scheduled tasks after your build. For example, if you want to refresh your Nexus's repositories index after building your project, you can execute a Nexus task whose type is "Publish index" using this...

CVSS 5.4, AI score 7, EPSS 0.0002
Exploits: 0, References: 2
EUVD
added 2025/10/29 3:31 p.m., 3 views

EUVD-2025-36656

Jenkins Nexus Task Runner Plugin is missing a permission check...

CVSS 4.3, AI score 6.2, EPSS 0.00026
Exploits: 0, References: 2
OSV
added 2025/10/29 3:31 p.m., 1 view

GHSA-X2PV-FPH3-PHFX Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...

CVSS 4.3, AI score 6.7, EPSS 0.0002
Exploits: 0, References: 3
NVD
added 2025/10/29 2:15 p.m., 3 views

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3, EPSS 0.0002
Exploits: 0, References: 2
Cvelist
added 2025/10/29 1:29 p.m., 4 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

EPSS 0.00026
Exploits: 0, References: 1
Vulnrichment
added 2025/10/29 1:29 p.m., 1 view

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

AI score 6.3, EPSS 0.00026
Exploits: 0, References: 1
Cvelist
added 2025/10/29 1:29 p.m., 4 views

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

EPSS 0.0002
Exploits: 0, References: 1
CVE
added 2025/10/29 1:29 p.m., 5 views

CVE-2025-64141

CVE-2025-64141 describes a CSRF vulnerability in Jenkins Nexus Task Runner Plugin, affecting versions 0.9.2 and earlier. An attacker can cause the controller to connect to an attacker‑specified URL using attacker‑specified credentials via an HTTP endpoint (CSRF). Exploitation details are not prov...

CVSS 4.3, AI score 6.4, EPSS 0.0002
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2025/10/29 1:29 p.m., 1 view

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

AI score 6.4, EPSS 0.0002
Exploits: 0, References: 1
CNNVD
added 2025/10/29 12:0 a.m., 2 views

Jenkins plugin Nexus Task Runner Security Vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 4.3, AI score 6.6, EPSS 0.00026
Exploits: 0, References: 2