Lucene search
K

258 matches found

Github Security Blog
Github Security Blog
added 2023/05/16 6:30 p.m.23 views

Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking

Jenkins NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job...

7.5CVSS6.6AI score0.00569EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.8 views

Jenkins NS-ND Integration Performance Publisher Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

7.5CVSS7.3AI score0.00569EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.33 views

Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks

Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control PerfPublisher report files to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets...

8.2CVSS7.9AI score0.00569EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/02 9:15 p.m.5 views

CVE-2023-28682

Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.2CVSS7.3AI score0.00569EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/23 11:26 a.m.10 views

CVE-2023-28682

Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.2AI score0.00569EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/02/28 12:0 a.m.23 views

WordPress plugin GN Publisher 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1CVSS6.7AI score0.0126EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.3 views

SUSE CVE-2018-1000175

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master...

6.5CVSS6.5AI score0.02714EPSS
Exploits0References3
OSV
OSV
added 2022/11/15 8:15 p.m.7 views

CVE-2022-45391

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

7.5CVSS5.8AI score0.00396EPSS
Exploits0References2
OSV
OSV
added 2022/11/15 8:15 p.m.5 views

CVE-2022-45392

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.52 views

Jenkins NS-ND Integration Performance Publisher Plugin 信任管理问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A trust management issue...

7.5CVSS7.3AI score0.00396EPSS
Exploits0References7
CVE
CVE
added 2022/11/15 12:0 a.m.280 views

CVE-2022-38666

CVE-2022-38666 affects Jenkins NS-ND Integration Performance Publisher Plugin, where versions 4.8.0.146 and earlier unconditionally disable SSL/TLS certificate and hostname validation for several features. Root cause: unconditional disabling of TLS validation within the plugin. Documented impact:...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/15 12:0 a.m.280 views

CVE-2022-45391

Affected product: Jenkins NS-ND Integration Performance Publisher Plugin (version 4.8.0.143 and earlier). Issue: plugin globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM, undermining TLS trust and enabling potential interceptio...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/15 12:0 a.m.276 views

CVE-2022-45392

CVE-2022-45392 concerns the Jenkins NS-ND Integration Performance Publisher Plugin (v4.8.0.143 and earlier). The vulnerability stores passwords in plaintext in job config.xml files on the Jenkins controller, allowing exposure to anyone with Extended Read permission or access to the controller fil...

6.5CVSS6.5AI score0.00636EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.32 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

8.8CVSS8.2AI score0.00462EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.30 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting

Jenkins NS-ND Integration Performance Publisher Plugin prior to version 4.8.0.147 does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.3AI score0.00469EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.36 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and...

8.8CVSS8.2AI score0.00827EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/09/22 12:0 a.m.28 views

GHSA-JJCH-7G85-4M72 Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

4.3CVSS8.6AI score0.00462EPSS
Exploits0References3
NVD
NVD
added 2022/09/21 4:15 p.m.22 views

CVE-2022-41229

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS0.00469EPSS
Exploits0References1
NVD
NVD
added 2022/09/21 4:15 p.m.22 views

CVE-2022-41230

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to tho...

4.3CVSS0.00516EPSS
Exploits0References1
OSV
OSV
added 2022/09/21 4:15 p.m.5 views

CVE-2022-41227

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...

8.8CVSS5.7AI score0.00462EPSS
Exploits0References1
Rows per page
Query Builder