9239 matches found
CVE-2017-3206
CVE-2017-3206 affects Flamingo amf-serializer (Exadel) AMF3 deserializers; version 2.2.0 is vulnerable to XML External Entity (XXE) references from XML in AMF3 messages, potentially exposing data, causing DoS, or enabling SSRF. Remediation: apply an update to a newer version where XXE is addresse...
CVE-2017-3208
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server,...
CVE-2017-3208
CVE-2017-3208 affects WebORB for Java (Midnight Coders), where the Java AMF3 deserializers can process XML embedded in AMF3 messages and allow XML External Entity (XXE) references. The issue arises from deserialization behavior using or allowing untrusted data, potentially enabling exposure of se...
CloudBees Jenkins GitHub Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . GitHub Plugin is used in one of the...
Jenkins < 2.121 and < 2.107.3 LTS Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
Jenkins < 2.121 and < 2.107.3 LTS Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
CVE-2018-1000182
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...
Server side request forgery (ssrf)
XML external entity XXE vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...
CVE-2018-1000195
The CVE-2018-1000195 issue affects Jenkins versions 2.120 and older (including LTS 2.107.2 and older). The vulnerability is a server-side request forgery in ZipExtractionInstaller.java that lets users with Overall/Read permission cause Jenkins to submit an HTTP GET request to an arbitrary URL and...
CVE-2018-1000195
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful 200 or not...
CVE-2018-1000188
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
CVE-2018-1000182
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...
Server side request forgery (ssrf)
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...
CVE-2018-1000182
A server-side request forgery (SSRF) vulnerability exists in Jenkins Git Plugin 3.9.0 and older. In AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, and ViewGitWeb.java, attackers with Overall/Read access can cause Jenkins to send a GET request to a...
CVE-2018-1000182
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...
CVE-2018-1000185
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
CVE-2018-1000188
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
CVE-2018-1000188
The vulnerability CVE-2018-1000188 affects Jenkins CAS Plugin (versions 1.4.1 and older) and its CasSecurityRealm.java, enabling a server-side request forgery (SSRF) where an attacker with Overall/Read access can cause Jenkins to send a GET request to an arbitrary URL. The issue is documented acr...
CVE-2018-1000184
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
CVE-2018-1000184
The CVE refers to a server-side request forgery in the Jenkins GitHub Plugin (versions ≤ 1.29.0) where the vulnerable code GitHubPluginConfig.java allows an attacker with Overall/Read access to trigger Jenkins to issue a GET request to an arbitrary URL. This SSRF impact is documented across multi...