Lucene search
+L

127 matches found

CNNVD
CNNVD
added 2023/03/23 12:0 a.m.7 views

Jenkins Plugins OctoPerf Load Testing 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00509EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/02/23 12:1 a.m.4 views

plugin: missing permission checks in Blue Ocean Plugin

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

6.5CVSS5.8AI score0.00835EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.5 views

Jenkins Plugin Cisco Spark Notifier 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin A security...

4.3CVSS5.1AI score0.00584EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.7 views

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00661EPSS
Exploits0References3
OSV
OSV
added 2023/01/01 8:15 a.m.5 views

CVE-2022-47634

M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867...

8.1CVSS5.8AI score0.00474EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.6 views

Jenkins Plugin Cluster Statistics 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request forge...

4.3CVSS5.1AI score0.00361EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.7 views

Jenkins Plugin Cluster Statistics 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin Cluster...

4.3CVSS5.3AI score0.00531EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/11/09 12:0 a.m.10 views

PT-2022-5700 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is related to insufficient validation of user-supplied parameters for certain API endpoints in the web management interface. This could allo...

7.2CVSS7.8AI score0.00824EPSS
Exploits0References4
OSV
OSV
added 2022/10/19 4:15 p.m.4 views

CVE-2022-43427

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.7 views

Jenkins Plugin Job Import 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.3AI score0.00537EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.6 views

GTAB Software Tabit 安全漏洞

GTAB Software Tabit is a full-featured program from GTAB Software for creating, playing, and printing fingerstyle scores for guitar, bass, or banjo. GTAB Software Tabit suffers from a security vulnerability that stems from the fact that an attacker could modify personal information, such as a...

6.3CVSS5.7AI score0.00399EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.4 views

Jenkins Lucene-Search Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability ...

5.4CVSS5.8AI score0.00434EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/07/19 2:15 p.m.2 views

CVE-2022-29057

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload into the...

5.4CVSS5.6AI score0.00547EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/07/12 12:44 p.m.5 views

CVE-2014-3648

The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached...

7.5CVSS5.9AI score0.00907EPSS
Exploits0References1
OSV
OSV
added 2022/06/30 7:15 p.m.6 views

CVE-2022-33328

Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /ajax/remove/ API...

9.8CVSS7.4AI score0.0428EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/30 6:15 p.m.5 views

CVE-2022-34798

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...

4.3CVSS5.9AI score0.00541EPSS
Exploits0References3
OSV
OSV
added 2022/06/30 6:15 p.m.6 views

CVE-2022-34798

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...

4.3CVSS5.8AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.7 views

PT-2022-22336 · Jenkins · Jenkins Build-Metrics Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins build-metrics Plugin versions 1.3 and earlier Description: The issue concerns the Jenkins build-metrics Plugin, which does not perform permission checks in multiple HTTP endpoints. This allows attackers with Overall/Read permission to...

4.3CVSS4.2AI score0.00649EPSS
Exploits0References8
OSV
OSV
added 2022/05/24 4:51 p.m.13 views

GHSA-R9PV-HG64-JQRP Exposure of Sensitive Information in Apache Storm Logviewer

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints...

7.5CVSS7.2AI score0.02043EPSS
Exploits0References3
Jenkins Security Advisories
Jenkins Security Advisories
added 2022/05/17 12:0 a.m.7 views

CSRF vulnerability and missing permission checks in blueocean

blueocean 1.25.3 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to send requests to an attacker-specified URL. Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery CSRF...

6.5CVSS6.3AI score0.00835EPSS
Exploits0Affected Software1
Rows per page
Query Builder