85 matches found
CVE-2021-39340 Notification – Custom Notifications and Alerts for WordPress <= 7.2.4 Authenticated Stored Cross-Site Scripting
The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary we...
WordPress Notification plugin <= 7.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress Notification plugin versions = 7.2.4. Solution Update the WordPress Notification plugin to the latest available version at least 8.0.0...
CVE-2020-2297
The CVE-2020-2297 entry concerns Jenkins SMS Notification Plugin versions 1.2 and earlier, where an access token is stored unencrypted in the global configuration file on the Jenkins controller. The file com.hoiio.jenkins.plugin.SMSNotification.xml can be viewed by users with filesystem access, e...
PT-2020-15527 · Jenkins · Jenkins Sms Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SMS Notification Plugin versions 1.2 and earlier Description: The issue concerns the storage of an access token in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the file...
CVE-2019-10459
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10459
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10459
CVE-2019-10459 affects Jenkins Mattermost Notification Plugin ≤ 2.7.0. The vulnerability stems from webhook URLs containing a secret token being stored unencrypted in the plugin’s global configuration and in job config.xml on the Jenkins master, enabling disclosure by users with Extended Read per...
CVE-2019-10379
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10379
CVE-2019-10379 affects the Jenkins Google Cloud Messaging Notification Plugin (version 1.0 and earlier). The root cause is that credentials are stored unencrypted in the plugin’s global configuration file on the Jenkins master, enabling access by users with master filesystem access. Connected doc...
CloudBees Jenkins CSRF Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Slack Notification Plugin is used in one of t...
CloudBees Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2019-09290)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Slack Notification Plugin is used in one of t...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003043
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003043
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003044
Summary: CVE-2019-1003044 is a CSRF vulnerability in Jenkins Slack Notification Plugin version 2.19 and earlier. The issue allows an attacker to craft a request that connects to an attacker-chosen URL using credentials IDs that an attacker can obtain by other means, potentially exposing credentia...
CVE-2019-1003043
Summary: Jenkins Slack Notification Plugin (versions ≤ 2.19) contains a missing permission check in a form-validation pathway that can be exploited by users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially exfiltrating credenti...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Server side request forgery (ssrf)
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message...
CVE-2019-1003026
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message...