CSRF vulnerability in Jenkins openstack-heat Plugin

openstack-heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation. This form validation methods do not require POST requests, resulting in a cross-site request forgery CSRF vulnerability...

Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation

Jenkins openstack-heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. A sequence of requests...

GHSA-FQHM-FJJV-7Q8X CSRF vulnerability in Jenkins openstack-heat Plugin

openstack-heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation. This form validation methods do not require POST requests, resulting in a cross-site request forgery CSRF vulnerability...

CVE-2022-36913

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVE-2022-36913

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVE-2022-36911

A cross-site request forgery CSRF vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2022-36911

A cross-site request forgery CSRF vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

Design/Logic Flaw

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2022-36913

The CVE-2022-36913 entry concerns Jenkins Openstack Heat Plugin versions 1.5 and earlier, which do not perform permission checks in methods implementing form validation. The underlying issue enables attackers with Overall/Read permission to check for the existence of an attacker-specified file pa...

CVE-2022-36912

Affected software: Jenkins Openstack Heat Plugin (versions 1.5 and earlier). Root cause: missing permission check in methods implementing form validation. Impact: attackers with Overall/Read permissions can connect to an attacker-specified URL (no other impact described). Status/mitigation: no ex...

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2022-36911

A cross-site request forgery CSRF vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2022-36911

Consolidated details show a CSRF vulnerability in Jenkins Openstack Heat Plugin (version 1.5 and earlier). The underlying issue is lack of permission checks in methods implementing form validation, which do not require POST requests, enabling an attacker to trigger connections to an attacker-spec...

Jenkins Openstack Heat Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2022-4011 · Jenkins · Jenkins Openstack Heat Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Openstack Heat Plugin versions 1.5 and earlier Description: The issue is related to insufficient authorization procedures in the Jenkins Openstack Heat Plugin, allowing remote attackers with Overall/Read permission to gain unauthorize...

PT-2022-4015 · Jenkins · Jenkins Openstack Heat Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Openstack Heat Plugin versions 1.5 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL. The issue is related to the lack of permission checks in methods...

PT-2022-4012 · Jenkins · Jenkins Openstack Heat Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Openstack Heat Plugin versions 1.5 and earlier Description: The issue is related to insufficient authorization procedures in the Jenkins Openstack Heat Plugin, allowing a remote attacker to perform URL redirection. A missing permissio...

SUSE-SU-2021:3728-1 Security update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma

This update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma contains the following fixes: Security fixes included in this update: rubygem-redcarpet:...