CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

Design/Logic Flaw

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

Design/Logic Flaw

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVE-2022-36913

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVE-2022-36913

The CVE-2022-36913 entry concerns Jenkins Openstack Heat Plugin versions 1.5 and earlier, which do not perform permission checks in methods implementing form validation. The underlying issue enables attackers with Overall/Read permission to check for the existence of an attacker-specified file pa...

CVE-2022-36912

Affected software: Jenkins Openstack Heat Plugin (versions 1.5 and earlier). Root cause: missing permission check in methods implementing form validation. Impact: attackers with Overall/Read permissions can connect to an attacker-specified URL (no other impact described). Status/mitigation: no ex...

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2022-36911

A cross-site request forgery CSRF vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2022-36911

Consolidated details show a CSRF vulnerability in Jenkins Openstack Heat Plugin (version 1.5 and earlier). The underlying issue is lack of permission checks in methods implementing form validation, which do not require POST requests, enabling an attacker to trigger connections to an attacker-spec...

Jenkins Openstack Heat Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2022-4011 · Jenkins · Jenkins Openstack Heat Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Openstack Heat Plugin versions 1.5 and earlier Description: The issue is related to insufficient authorization procedures in the Jenkins Openstack Heat Plugin, allowing remote attackers with Overall/Read permission to gain unauthorize...

Jenkins Openstack Heat Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2022-4015 · Jenkins · Jenkins Openstack Heat Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Openstack Heat Plugin versions 1.5 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL. The issue is related to the lack of permission checks in methods...

PT-2022-4012 · Jenkins · Jenkins Openstack Heat Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Openstack Heat Plugin versions 1.5 and earlier Description: The issue is related to insufficient authorization procedures in the Jenkins Openstack Heat Plugin, allowing a remote attacker to perform URL redirection. A missing permissio...

Jenkins Openstack Heat Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...

CVE-2022-0670

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of...

CVE-2022-0670

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of...