Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

95 matches found

RedhatCVE
RedhatCVEadded 2025/10/30 2:13 p.m.4 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.7AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/30 2:13 p.m.4 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.6AI score0.00208EPSS
Exploits0References1
Snyk
Snykadded 2025/10/29 3:31 p.m.6 views

Cross-site Request Forgery (CSRF)

Overview org.jenkins-ci.plugins:nexus-task-runner is a This plugin executes Sonatype Nexus scheduled tasks after your build. For example, if you want to refresh your Nexus's repositories index after building your project, you can use execute a Nexus task whose type is "Publish index" using this...

5.4CVSS7AI score0.00174EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/29 3:31 p.m.6 views

EUVD-2025-36656

Jenkins Nexus Task Runner Plugin is missing a permission check...

4.3CVSS6.2AI score0.00208EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/29 3:31 p.m.5 views

EUVD-2025-36657

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...

4.3CVSS6.3AI score0.00174EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2025/10/29 3:31 p.m.8 views

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...

4.3CVSS6.7AI score0.00174EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2025/10/29 3:31 p.m.3 views

GHSA-X2PV-FPH3-PHFX Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...

4.3CVSS6.7AI score0.00174EPSS
Exploits0References3
OSV
OSVadded 2025/10/29 2:15 p.m.6 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS5.7AI score0.00174EPSS
Exploits0References2
NVD
NVDadded 2025/10/29 2:15 p.m.8 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS0.00208EPSS
Exploits0References2
NVD
NVDadded 2025/10/29 2:15 p.m.5 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS0.00174EPSS
Exploits0References2
CVE
CVEadded 2025/10/29 1:29 p.m.17 views

CVE-2025-64142

CVE-2025-64142 affects Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Root cause per multiple sources: a missing permission check in the plugin’s HTTP endpoint allows an attacker with Overall/Read permission to cause the controller to connect to an attacker‑specified URL using attac...

4.3CVSS6.3AI score0.00208EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2025/10/29 1:29 p.m.7 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/10/29 1:29 p.m.2 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

6.3AI score0.00208EPSS
Exploits0References1
CVE
CVEadded 2025/10/29 1:29 p.m.13 views

CVE-2025-64141

CVE-2025-64141 describes a CSRF vulnerability in Jenkins Nexus Task Runner Plugin, affecting versions 0.9.2 and earlier. An attacker can cause the controller to connect to an attacker‑specified URL using attacker‑specified credentials via an HTTP endpoint (CSRF). Exploitation details are not prov...

4.3CVSS6.4AI score0.00174EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2025/10/29 1:29 p.m.7 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/10/29 1:29 p.m.3 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

6.4AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/10/29 12:0 a.m.4 views

PT-2025-44290

Name of the Vulnerable Software and Affected Versions Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier Description A cross-site request forgery CSRF issue exists in the Jenkins Nexus Task Runner Plugin. This allows attackers to connect to a URL specified by the attacker, using...

4.3CVSS6.5AI score0.00174EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2025/10/29 12:0 a.m.6 views

PT-2025-44291

Name of the Vulnerable Software and Affected Versions Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier Description A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker, using credentials also specified by the attacker. T...

4.3CVSS6.4AI score0.00208EPSS
Exploits0References7
CNNVD
CNNVDadded 2025/10/29 12:0 a.m.4 views

Jenkins plugin Nexus Task Runner 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

4.3CVSS6.6AI score0.00208EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/10/29 12:0 a.m.4 views

Jenkins Nexus Task Runner Plugin 安全漏洞

Jenkins Nexus Task Runner Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Nexus Task Runner Plugin version 0.9.2 and earlier, which stems from vulnerability to a cross-site request forgery attack that could result in a connection to an attacker-specified UR...

4.3CVSS6.5AI score0.00174EPSS
Exploits0References2
Rows per page
Query Builder