1223 matches found
CloudBees Jenkins Pipeline GitHub Notify Step Plugin Authorization Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run some scheduled tasks. An authorization issue...
CVE-2020-2118
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-2117
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2020-2116
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2020-2118
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-2118
CVE-2020-2118 concerns Jenkins Pipeline GitHub Notify Step Plugin (versions 1.0.4 and earlier). The issue is a missing permission check in form-related methods that lets users with Overall/Read access enumerate credentials IDs stored in Jenkins. This disclosure could facilitate credential harvest...
CVE-2020-2118
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-2116
CVE-2020-2116 describes a CSRF flaw in Jenkins Pipeline GitHub Notify Step Plugin (versions 1.0.4 and earlier). The vulnerability allows an attacker to cause Jenkins to connect to an attacker‑controlled URL using attacker‑provided credentials IDs, potentially exposing stored credentials. Root cau...
CVE-2020-2116
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2020-2117
Summary: CVE-2020-2117 affects Jenkins Pipeline GitHub Notify Step Plugin (versions 1.0.4 and earlier). A missing permission check allows attackers with Overall/Read permission to connect to an attacker‑specified URL using attacker‑specified credentials IDs, potentially capturing credentials stor...
CVE-2020-2117
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2020-15323 · Jenkins · Jenkins Pipeline Github Notify Step Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline GitHub Notify Step Plugin versions 1.0.4 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...
PT-2020-15324 · Jenkins · Jenkins Pipeline Github Notify Step Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline GitHub Notify Step Plugin versions 1.0.4 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...
CVE-2020-7934
creationtimestamp | type | source
---|---|---
2020-01-28 16:37:38+00:00 | published-proof-of-concept | https://t.me/cveNotify/508...
The vulnerability of the Unbound DNS server, related to the execution of operations beyond the buffer in memory, allows attackers to cause a service failure.
The vulnerability of the Unbound DNS server is related to an error in processing certain NOTIFY requests. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
FreeBSD : dovecot -- NULL pointer deref in notify with empty headers (b7dc4dde-2e48-43f9-967a-c68461537cf2)
Aki Tuomi reports: Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...
dovecot -- null pointer deref in notify with empty headers
Aki Tuomi reports: Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers...
Apache MINA Memory Corruption Vulnerability
Apache MINA is a web application framework from the Apache Software Foundation in the United States. The product is mainly used to develop high-performance and highly scalable web applications. A security vulnerability exists in Apache MINA versions 2.0.20 and 2.1.0. The vulnerability stems from th...