Lucene search
+L

277 matches found

vulnersOsv
vulnersOsv
added 2024/12/19 6:31 p.m.8 views

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +25453 more potentially affected by CVE-2024-38819 via org.springframework:spring-webmvc (>=1.2.1 <=5.3.39)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.0, =0.0.12, =0.1.15 and more Source cves: CVE-2024-38819 Source advisory: OSV:GHSA-G5VR-RGQM-VF78...

7.5CVSS6.6AI score0.54862EPSS
Exploits6
Github Security Blog
Github Security Blog
added 2024/11/27 6:34 p.m.27 views

Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...

4.3CVSS6.9AI score0.00812EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/11/27 6:34 p.m.37 views

GHSA-FWXQ-3F52-5CMC Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...

5.3CVSS4.8AI score0.00812EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/27 5:3 p.m.38 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

0.00812EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/27 5:3 p.m.12 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

7AI score0.00812EPSS
Exploits0References1
CVE
CVE
added 2024/11/27 5:3 p.m.61 views

CVE-2024-54004

The CVE-2024-54004 entry affects Jenkins Filesystem List Parameter Plugin versions

4.3CVSS7AI score0.00812EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/27 12:0 a.m.19 views

Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...

4.3CVSS6.6AI score0.00812EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/27 12:0 a.m.15 views

Jenkins plugins Multiple Vulnerabilities (2024-11-27)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. CVE-2024-47855 - Jenkins Simple Queue Plugin 1.4.4...

8CVSS5.4AI score0.79731EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/10/18 6:30 a.m.17 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +37176 more potentially affected by CVE-2024-38820 via org.springframework:spring-web (>=1.2.1 <=5.3.4)

org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

5.3CVSS6.6AI score0.00631EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/08/07 3:30 p.m.9 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-43045 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.452.3)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-43045 Source advisory: OSV:GHSA-8PV9-QH96-9HC6...

6.3CVSS6.7AI score0.04263EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/05/16 6:30 p.m.23 views

Jenkins File Parameter Plugin arbitrary file write vulnerability

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters. This allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...

8.8CVSS6.8AI score0.60683EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/05/16 6:30 p.m.24 views

GHSA-46F2-X6H2-X9HX Jenkins File Parameter Plugin arbitrary file write vulnerability

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters. This allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...

8.8CVSS8.6AI score0.60683EPSS
Exploits0References3
NVD
NVD
added 2023/05/16 4:15 p.m.15 views

CVE-2023-32986

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

8.8CVSS8.7AI score0.60683EPSS
Exploits0References1
OSV
OSV
added 2023/05/16 4:15 p.m.5 views

CVE-2023-32986

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

8.8CVSS5.9AI score0.60683EPSS
Exploits0References1
Prion
Prion
added 2023/05/16 4:15 p.m.18 views

Code injection

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

6.5CVSS8.7AI score0.60683EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/16 4:0 p.m.17 views

CVE-2023-32986

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

8.9AI score0.60683EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/16 4:0 p.m.10 views

CVE-2023-32986

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

6.8AI score0.60683EPSS
Exploits0References1
CVE
CVE
added 2023/05/16 4:0 p.m.59 views

CVE-2023-32986

CVE-2023-32986 concerns the Jenkins File Parameter Plugin. Versions 285.v757c5b_67a_c25 and earlier allow attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system by supplying attacker-chosen content, due to an unrestricted Stashed File P...

8.8CVSS8.6AI score0.60683EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2023/05/16 4:0 p.m.24 views

CVE-2023-32986

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

8.8CVSS7AI score0.60683EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.4 views

PT-2023-24119 · Jenkins · Jenkins File Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins File Parameter Plugin versions 285.v757c5b 67a c25 and earlier Description: The issue allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

8.8CVSS8.5AI score0.60683EPSS
Exploits0References5
Rows per page
Query Builder