Lucene search
+L

89 matches found

OSV
OSV
added 2023/01/26 9:18 p.m.21 views

CVE-2023-24428

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...

5.7CVSS5.6AI score
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.13 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...

3.5CVSS5.6AI score0.00484EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/26 9:18 p.m.14 views

Design/Logic Flaw

Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login...

7.5CVSS9.5AI score0.01062EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.6 views

Jenkins Plugin Bitbucket OAuth 授权问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

9.8CVSS8.3AI score0.01062EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.4 views

PT-2023-19587 · Jenkins · Jenkins Bitbucket Oauth Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket OAuth Plugin versions 0.12 and earlier Description: The issue arises because the Jenkins Bitbucket OAuth Plugin does not invalidate the previous session on login, which can lead to potential security risks. Recommendations:...

9.8CVSS9.3AI score0.01062EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.6 views

CVE-2023-24428

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...

7AI score0.00484EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.8 views

CVE-2023-24427

Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login...

7.1AI score0.01062EPSS
Exploits0References1
OSV
OSV
added 2022/05/24 4:59 p.m.86 views

GHSA-84H6-JF8X-FF2J Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials

Jenkins Bitbucket OAuth Plugin prior to 0.10 stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

7.8CVSS7.5AI score0.00333EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/05/24 4:58 p.m.5 views

org.jenkins-ci.plugins:google-storage-plugin (>=0.1 <=0.4) potentially affected by CVE-2019-10436 via org.jenkins-ci.plugins:google-oauth-plugin (=0.1)

org.jenkins-ci.plugins:google-oauth-plugin MAVEN version =0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:google-oauth-plugin and may be impacted: - org.jenkins-ci.plugins:google-storage-plugin =0.1, =0.4 Source cves:...

6.5CVSS6.6AI score0.00989EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 3:58 a.m.9 views

com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.0), org.jenkins-ci.lib:xtrigger-lib (=0.36) +13 more potentially affected by CVE-2016-0789 via org.jenkins-ci.main:jenkins-core (>=1.643 <=1.649)

org.jenkins-ci.main:jenkins-core MAVEN version =1.643, =4.0.9, =1.643, =1.643, =1.645, =0.5, =1.648, =4.0.4, =1.0.0, =1.643, =1.0.45, =0.3.2, =0.3.8 - org.jenkins.plugins.statistics.gatherer:statistics-gatherer =1.0.1 Source cves: CVE-2016-0789 Source advisory: OSV:GHSA-8P3C-M625-WH83...

6.1CVSS6.7AI score0.0179EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/04/16 12:0 a.m.22 views

Atlassian OAuth Plugin 1.3.0 < 1.9.12 / 2.0.0 < 2.0.4 Server-Side Request Forgery

Atlassian OAuth Plugin from version 1.3.0 to 1.9.11 and from version 2.0.0 to 2.0.3 allows remote attackers to make the target application act as a proxy and perform requests to internal or external resources through the IconUriServlet. Attackers may leverage this vulnerability to conduct...

6.1CVSS6.6AI score0.71601EPSS
Exploits1References4
CNVD
CNVD
added 2019/10/29 12:0 a.m.47 views

Unspecified Vulnerability in CloudBees Jenkins Bitbucket OAuth Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Bitbucket OAuth Plugin is used in which a...

7.8CVSS7AI score0.00333EPSS
Exploits0References1
OSV
OSV
added 2019/10/23 1:15 p.m.16 views

CVE-2019-10460

Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

7.8CVSS6.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/10/23 12:0 a.m.10 views

PT-2019-11854 · Jenkins · Jenkins Bitbucket Oauth Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket OAuth Plugin versions 0.9 and earlier Jenkins Bitbucket OAuth Plugin prior to 0.10 Description: The issue concerns the storage of credentials in an unencrypted manner in the global config.xml configuration file on the Jenkin...

7.8CVSS7.5AI score0.00333EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2018/06/28 12:0 a.m.49 views

Atlassian Bitbucket < 4.14.4 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF

The version of Atlassian Bitbucket installed on the remote host is prior to 4.14.4. It is, therefore, affected by a internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the...

6.1CVSS6.2AI score0.71601EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/06/28 12:0 a.m.53 views

Atlassian Confluence < 6.1.3 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.1.3. It is, therefore, affected by a internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this...

6.1CVSS6.2AI score0.71601EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/06/28 12:0 a.m.37 views

Atlassian FishEye < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF

According to its self-reported version, the installation of Atlassian FishEye running on the remote host is prior to 4.3.2. It is, therefore, affected by a internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue bu...

6.1CVSS6.2AI score0.71601EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/06/28 12:0 a.m.39 views

Atlassian Bamboo < 6.0.0 OAuth plugin allows arbitrary HTTP requests to be proxied

According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is prior to 6.0.0. It is, therefore, affected by a internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue...

6.1CVSS6.2AI score0.71601EPSS
Exploits1References2
Hacker One
Hacker One
added 2018/03/15 3:41 a.m.43 views

U.S. Dept Of Defense: SSRF on █████████ Allowing internal server data access

Summary: An end point on ██████ allows an internal access to the network thus revealing sensitive data and allowing internal tunneling Description: OAuth Plugin allows you to provide a url that gives a snap shot of the web page. We can pass internal URLS and conduct SSRF. Impact Critical...

4.3CVSS2AI score0.71601EPSS
Exploits1
Atlassian
Atlassian
added 2017/08/30 2:12 a.m.130 views

The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery SSRF. This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...

6.1CVSS2AI score0.71601EPSS
Exploits1Affected Software1
Rows per page
Query Builder