85 matches found
CVE-2022-45385
CVE-2022-45385 concerns a missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin (versions 2.6.2 and earlier). The flaw allows unauthenticated users to trigger builds for attacker-specified repositories via webhook endpoints. Multiple connected advisories confirm th...
GHSA-Q8V3-7H6Q-G39Q Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...
GHSA-V6H8-5CP2-J9W4 Jenkins Jianliao Notification Plugin Missing Authorization vulnerability
Jenkins Jianliao Notification Plugin 1.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. Additionally, this form validation method does not require...
Jenkins Jianliao Notification Plugin Missing Authorization vulnerability
Jenkins Jianliao Notification Plugin 1.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. Additionally, this form validation method does not require...
CVE-2022-34205
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...
CVE-2022-34206
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL...
CVE-2022-34205
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...
CVE-2022-34206
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL...
CVE-2022-34205
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...
CVE-2022-34206
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL...
CVE-2022-34206
CVE-2022-34206 concerns Jenkins Jianliao Notification Plugin (1.1 and earlier). The root cause is a missing permission check in a form-validation method, allowing attackers with Overall/Read to send HTTP POST requests to an attacker-specified URL and enabling CSRF. The issue is confirmed across m...
CVE-2022-34205
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...
CVE-2022-34205
CVE-2022-34205 describes a CSRF vulnerability in Jenkins Jianliao Notification Plugin (versions 1.1 and earlier) that allows an attacker to cause the server to issue HTTP POST requests to an attacker-controlled URL. The connected notes corroborate the issue across multiple feeds, all citing the s...
PT-2022-22075 · Jenkins · Jenkins Jianliao Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Jianliao Notification Plugin versions 1.1 and earlier. Description: A cross-site request forgery (CSRF) issue allows attackers to send HTTP POST requests to an attacker-specified URL. This can be exploited by attackers to perform...
GHSA-XCJ6-4355-2823 Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
GHSA-WXJ2-QC9P-65R3 Jenkins Mattermost Notification Plugin vulnerable to SSRF
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message...
Jenkins Mattermost Notification Plugin vulnerable to SSRF
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message...
WordPress Cookie Notification Plugin Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress plugin Cookie Notification Plugin before 1.0.9, which stems from the product's failure to validate special characters in the id...
WordPress plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress plugin Cookie Notification Plugin before 1.0.9, which stems from the product's failure to validate special characters in the id...