CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

286 matches found

Github Security Blog•added 2022/05/14 3:23 a.m.•13 views

Jenkins Perforce Plugin exposure of sensitive information vulnerability exists

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them...

6.5CVSS6.1AI score0.00858EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2022/05/13 1:48 a.m.•13 views

Jenkins Perforce Plugin uses ineffective credentials encryption

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them...

6.5CVSS6AI score0.01142EPSS

Exploits0References3Affected Software1

OSV•added 2022/05/13 1:48 a.m.•14 views

GHSA-CWXX-GWWJ-PQJQ Jenkins Perforce Plugin uses ineffective credentials encryption

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them...

6.5CVSS6.1AI score0.01142EPSS

Exploits0References3

vulnersOsv•added 2022/05/13 1:48 a.m.•2 views

org.hudsonci.plugins:reviewboard (=1.0.2-h-1) potentially affected by CVE-2018-1000145 via org.jvnet.hudson.plugins:perforce (=1.1.14)

org.jvnet.hudson.plugins:perforce MAVEN version =1.1.14 is affected by a known vulnerability. The following packages have a transitive dependency on org.jvnet.hudson.plugins:perforce and may be impacted: - org.hudsonci.plugins:reviewboard =1.0.2-h-1 Source cves: CVE-2018-1000145 Source advisory:...

6.5CVSS6.6AI score0.01142EPSS

Exploits0

OSV•added 2022/03/18 5:53 p.m.•25 views

GHSA-3RJ3-QP2J-4FJ2 Cross-Site Request Forgery in Jenkins P4 Plugin

A cross-site request forgery CSRF vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. Jenkins P4 Plugin 1.11.5 requires POST requests for the affected HTTP endpoints...

7.1CVSS6.8AI score0.00522EPSS

Exploits0References4

Tenable Nessus•added 2021/11/08 12:0 a.m.•41 views

Jenkins Enterprise and Operations Center < 2.249.31.0.4 / 2.277.4.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-05-11)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.4, or 2.x prior to 2.277.4.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forgery CSRF vulnerability in Jenkin...

7.1CVSS5.8AI score0.72678EPSS

Exploits0References10

Github Security Blog•added 2021/06/16 5:29 p.m.•45 views

Missing Authorization in Jenkins P4 plugin

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password. Jenkins P4 Plugin 1.11.5 requires...

4.3CVSS5AI score0.01301EPSS

Exploits0References4Affected Software1

CNVD•added 2021/05/12 12:0 a.m.•9 views

CloudBees Jenkins P4 Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...

7.1CVSS6.6AI score0.00522EPSS

Exploits0References1

CNVD•added 2021/05/12 12:0 a.m.•9 views

CloudBees Jenkins P4 Plugin Access Control Error Vulnerability

4.3CVSS6.7AI score0.01301EPSS

Exploits0References1

OSV•added 2021/05/11 3:15 p.m.•2 views

CVE-2021-21655

7.1CVSS5.7AI score0.00522EPSS

Exploits0References1

OSV•added 2021/05/11 3:15 p.m.•2 views

CVE-2021-21654

4.3CVSS5.8AI score0.01301EPSS

Exploits0References1

NVD•added 2021/05/11 3:15 p.m.•11 views

CVE-2021-21654

4.3CVSS0.01301EPSS

Exploits0References1

NVD•added 2021/05/11 3:15 p.m.•14 views

CVE-2021-21655

7.1CVSS0.00522EPSS

Exploits0References1

Prion•added 2021/05/11 3:15 p.m.•13 views

Cross site request forgery (csrf)

5.8CVSS6.8AI score0.00522EPSS

Exploits0References1Affected Software1

Prion•added 2021/05/11 3:15 p.m.•18 views

Default credentials

4CVSS4.5AI score0.01301EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/05/11 2:15 p.m.•16 views

CVE-2021-21655

7.1AI score0.00522EPSS

Exploits0References1

Cvelist•added 2021/05/11 2:15 p.m.•21 views

CVE-2021-21654

5.2AI score0.01301EPSS

Exploits0References1

Positive Technologies•added 2021/05/11 12:0 a.m.•3 views

PT-2021-14698 · Jenkins · Jenkins P4 Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins P4 Plugin versions 1.11.4 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. The issue is...

7.1CVSS6.8AI score0.00522EPSS

Exploits0References7

Positive Technologies•added 2021/05/11 12:0 a.m.•4 views

PT-2021-14697 · Jenkins · Jenkins P4 Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins P4 Plugin versions 1.11.4 and earlier Description: The issue allows attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password. This is due to a lack of...

4.3CVSS4.4AI score0.01301EPSS

Exploits0References5

CNNVD•added 2021/05/11 12:0 a.m.•3 views

Jenkins 访问控制错误漏洞

4.3CVSS5.9AI score0.01301EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by