Lucene search
K

40 matches found

ATTACKERKB
ATTACKERKB
added 2022/12/15 7:15 p.m.5 views

CVE-2022-3427

The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corneradsettingspage function. This makes it possible for unauthenticated attackers to trigger the deletion of ads v...

8.8CVSS6.5AI score0.00646EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/24 7:12 p.m.21 views

Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL

An extension point in Jenkins allows selectively disabling cross-site request forgery CSRF protection for specific URLs. Jenkins Azure AD Plugin implements this extension point for URLs used by a JavaScript component. In Jenkins Azure AD Plugin 179.vf6841393099e and earlier this implementation is...

8.8CVSS8.4AI score0.00683EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:8 p.m.23 views

GHSA-VVG2-HG3C-MQJ3 Client secret transmitted in plain text by Azure AD Plugin

Azure AD Plugin stores a client secret in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by Azure AD Plugin 1.1.2 and earlier. This can result in exposure of the credential through browser extensions,...

3.1CVSS5AI score0.00925EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/10/06 12:0 a.m.62 views

Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Code Coverage API...

8.8CVSS7.8AI score0.02213EPSS
Exploits0References6
NVD
NVD
added 2021/08/31 2:15 p.m.31 views

CVE-2021-21679

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...

8.8CVSS0.00683EPSS
Exploits0References2
Prion
Prion
added 2021/08/31 2:15 p.m.20 views

Cross site request forgery (csrf)

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...

6.8CVSS8.7AI score0.00683EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/08/31 1:50 p.m.76 views

CVE-2021-21679

CVE-2021-21679 concerns Jenkins Azure AD Plugin 179.vf6841393099e and earlier, where an extension point for CSRF protection is too permissive, allowing attackers to craft URLs that bypass CSRF protection for any Jenkins URL. The issue is tied to a vulnerability in the plugin’s handling of CSRF to...

8.8CVSS8.6AI score0.00683EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/08/31 12:0 a.m.7 views

PT-2021-14722 · Jenkins · Jenkins Azure Ad Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure AD Plugin versions 164.v5b48baa961d2 through 179.vf6841393099e Description: The issue allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. This is due to an overly permissive...

8.8CVSS8.7AI score0.00683EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.5 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Azure AD Plugin has a security vulnerability through which an attacker can bypass CSRF protection...

8.8CVSS7.9AI score0.0081EPSS
Exploits0References3
OSV
OSV
added 2020/02/12 3:15 p.m.20 views

CVE-2020-2119

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

5.3CVSS6.8AI score
Exploits0References2
Cvelist
Cvelist
added 2020/02/12 2:35 p.m.32 views

CVE-2020-2119

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

5.3AI score0.00925EPSS
Exploits0References2
CVE
CVE
added 2020/02/12 2:35 p.m.75 views

CVE-2020-2119

CVE-2020-2119 affects the Jenkins Azure AD Plugin (versions 1.1.2 and earlier). The issue: the plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially exposing client secrets (e.g., via browser extensions or XSS). Root cause is clear: cr...

5.3CVSS5.2AI score0.00925EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/02/12 12:0 a.m.9 views

PT-2020-15326 · Jenkins · Jenkins Azure Ad Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure AD Plugin versions 1.1.2 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Specificall...

5.3CVSS5AI score0.00925EPSS
Exploits0References7
CNVD
CNVD
added 2019/08/27 12:0 a.m.2 views

WordPress corner-ad plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. corner-ad is a web advertising plugin used in it. A cross-site scripting vulnerability exists in the WordPress corner-ad plugin. An...

6.1CVSS6.3AI score0.00905EPSS
Exploits0References1
OSV
OSV
added 2019/08/22 8:15 p.m.2 views

CVE-2017-18579

The corner-ad plugin before 1.0.8 for WordPress has XSS...

6.1CVSS5.8AI score0.00905EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/08/22 7:42 p.m.21 views

CVE-2017-18579

The corner-ad plugin before 1.0.8 for WordPress has XSS...

6.4AI score0.00905EPSS
Exploits0References1
CVE
CVE
added 2019/08/22 7:42 p.m.49 views

CVE-2017-18579

CVE-2017-18579 affects the Corner Ad WordPress plugin prior to 1.0.8. The vulnerability is a cross-site scripting (XSS) flaw in the plugin. The CNVD entry states that an attacker can exploit this vulnerability to execute client-side code; NVD details show a network-facing vector with at least par...

6.1CVSS6.4AI score0.00905EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/04/30 12:25 p.m.61 views

CVE-2019-10318

Summary of findings : The CVE-2019-10318 issue affects the Jenkins Azure AD Plugin versions 0.3.3 and earlier. The root cause is that the plugin stored the client secret unencrypted in the global config.xml on the Jenkins master/controller, enabling users with access to the master/controller file...

8.8CVSS8.5AI score0.01832EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/04/30 12:25 p.m.21 views

CVE-2019-10318

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system...

8.7AI score0.01832EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/04/30 12:0 a.m.9 views

PT-2019-11720 · Jenkins · Jenkins Azure Ad Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure AD Plugin versions 0.3.3 and earlier Description: The issue concerns the storage of the client secret in the global config.xml configuration file on the Jenkins master or controller. This secret was stored unencrypted, allowing...

8.8CVSS8.5AI score0.01832EPSS
Exploits0References8
Rows per page
Query Builder