Lucene search
K

408 matches found

NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

4.3CVSS0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38785

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57299

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

4.3CVSS5.9AI score0.00187EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.9 views

CVE-2026-57297

CVE-2026-57297 affects Jenkins via the Contrast Continuous Application Security Plugin (3.11 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access cause a connection to an attacker‑specified URL using attacker‑provided credentials (username, API key, s...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38775

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.9 views

EUVD-2026-38772

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.32 views

CVE-2026-57291

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.32 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51809

Name of the Vulnerable Software and Affected Versions Jenkins Contrast Continuous Application Security Plugin versions prior to 3.12 Description Missing permission checks allow users with Overall/Read permission to enumerate the names of configured Contrast metadata. Recommendations Update Jenkin...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References4
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.5 views

CSRF vulnerability and missing permission check in contrast-continuous-application-security

contrast-continuous-application-security 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, AP...

5.4CVSS5.8AI score0.00187EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.6 views

Missing permission checks in contrast-continuous-application-security allow enumerating Contrast metadata

contrast-continuous-application-security 3.11 and earlier does not perform permission checks in several HTTP endpoints that fill list box options with the names of the configured Contrast metadata. This allows attackers with Overall/Read permission to enumerate the names of configured Contrast...

4.3CVSS5.8AI score0.00187EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.12 views

CVE-2026-48926

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.5AI score0.00178EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/27 5:34 p.m.9 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the form validation method. An attacker can connect to an arbitrary URL by leveraging Overall/Read permission. Remediation Upgrade com.rapid7:jenkinsci-appspider-plugin to version 1.0.18 or higher. References -...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Jenkins AppSpider Plugin 安全漏洞

The Jenkins AppSpider Plugin is an open-source Jenkins application security scanning integration plugin. The Jenkins AppSpider Plugin versions 1.0.17 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of permission checks in the method responsible for form...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-44016

Name of the Vulnerable Software and Affected Versions Jenkins AppSpider Plugin versions prior to 1.0.18 Description A missing permission check in a method implementing form validation allows users with Overall/Read permissions to trigger a connection to an attacker-specified URL. Recommendations...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/04 9:9 a.m.8 views

CVE-2026-42519

A flaw was found in Jenkins Script Security Plugin. An attacker with Overall/Read permission can exploit a missing permission check to enumerate pending and approved Script Security classpaths. This information disclosure vulnerability allows unauthorized access to sensitive configuration details...

6.5CVSS5.6AI score0.00174EPSS
Exploits0References4
NVD
NVD
added 2026/04/29 2:16 p.m.5 views

CVE-2026-42523

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...

9CVSS0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 1:31 p.m.5 views

CVE-2026-42523

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...

4.8AI score0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 1:31 p.m.5 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

4.3CVSS5.2AI score0.00184EPSS
Exploits0References2
Rows per page
Query Builder