282 matches found
CloudBees Jenkins ElectricFlow Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. ElectricFlow Plugin is used in one of the...
Information Disclosure
mysql is vulnerable to information disclosure. An unspecified vulnerability allows a remote attacker to obtain confidential information via vectors related to Server: Connection...
CVE-2019-10305
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10304
A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server...
PT-2019-11707 · Jenkins · Jenkins Xebialabs Xl Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin (affected versions not specified). Description: A missing permission check in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connecti...
CVE-2019-10290
A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003083
A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...
PT-2019-11368 · Jenkins · Jenkins Vmware Lab Manager Slaves Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin (affected versions not specified). Description: A cross-site request forgery issue exists in the LabManager.DescriptorImpl#doTestConnection form validation method, allowing attackers to initiate a connecti...
PT-2019-11383 · Jenkins · Jenkins Nomad Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin (affected versions not specified). Description: A missing permission check in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an...
PT-2019-11373 · Jenkins · Jenkins Gearman Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gearman Plugin (affected versions not specified). Description: A missing permission check in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an...
PT-2019-11389 · Jenkins · Jenkins Openid Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins openid Plugin (affected versions not specified). Description: A missing permission check in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection...
PT-2019-11381 · Jenkins · Jenkins Soasta Cloudtest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SOASTA CloudTest Plugin (affected versions not specified). Description: A missing permission check in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a...
CVE-2019-1003046
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server...
Cross-Site Scripting (XSS)
nexus-core is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the repoId and format parameters of the healthCheckFileDetail function, the file name in the File Upload functionality of Staging Upload, the username when...
ATutor Detection
Detection of ATutor. The script sends a connection request to the server and attempts to detect ATutor. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Teradata Viewpoint Detection
Detection of Teradata Viewpoint. The script sends a connection request to the server and attempts to detect Teradata Viewpoint and to extract its version. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the...
ABB M2M ETHERNET Detection
Detection of ABB M2M ETHERNET. The script sends a connection request to the server and attempts to detect ABB M2M ETHERNET and to extract its version. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respecti...
XXE
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol...