40 matches found
CVE-2022-3427
The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corneradsettingspage function. This makes it possible for unauthenticated attackers to trigger the deletion of ads v...
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL
An extension point in Jenkins allows selectively disabling cross-site request forgery CSRF protection for specific URLs. Jenkins Azure AD Plugin implements this extension point for URLs used by a JavaScript component. In Jenkins Azure AD Plugin 179.vf6841393099e and earlier this implementation is...
GHSA-VVG2-HG3C-MQJ3 Client secret transmitted in plain text by Azure AD Plugin
Azure AD Plugin stores a client secret in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by Azure AD Plugin 1.1.2 and earlier. This can result in exposure of the credential through browser extensions,...
Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Code Coverage API...
CVE-2021-21679
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
Cross site request forgery (csrf)
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
CVE-2021-21679
CVE-2021-21679 concerns Jenkins Azure AD Plugin 179.vf6841393099e and earlier, where an extension point for CSRF protection is too permissive, allowing attackers to craft URLs that bypass CSRF protection for any Jenkins URL. The issue is tied to a vulnerability in the plugin’s handling of CSRF to...
PT-2021-14722 · Jenkins · Jenkins Azure Ad Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure AD Plugin versions 164.v5b48baa961d2 through 179.vf6841393099e Description: The issue allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. This is due to an overly permissive...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Azure AD Plugin has a security vulnerability through which an attacker can bypass CSRF protection...
CVE-2020-2119
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2020-2119
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2020-2119
CVE-2020-2119 affects the Jenkins Azure AD Plugin (versions 1.1.2 and earlier). The issue: the plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially exposing client secrets (e.g., via browser extensions or XSS). Root cause is clear: cr...
PT-2020-15326 · Jenkins · Jenkins Azure Ad Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure AD Plugin versions 1.1.2 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Specificall...
WordPress corner-ad plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. corner-ad is a web advertising plugin used in it. A cross-site scripting vulnerability exists in the WordPress corner-ad plugin. An...
CVE-2017-18579
The corner-ad plugin before 1.0.8 for WordPress has XSS...
CVE-2017-18579
The corner-ad plugin before 1.0.8 for WordPress has XSS...
CVE-2017-18579
CVE-2017-18579 affects the Corner Ad WordPress plugin prior to 1.0.8. The vulnerability is a cross-site scripting (XSS) flaw in the plugin. The CNVD entry states that an attacker can exploit this vulnerability to execute client-side code; NVD details show a network-facing vector with at least par...
CVE-2019-10318
Summary of findings : The CVE-2019-10318 issue affects the Jenkins Azure AD Plugin versions 0.3.3 and earlier. The root cause is that the plugin stored the client secret unencrypted in the global config.xml on the Jenkins master/controller, enabling users with access to the master/controller file...
CVE-2019-10318
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system...
PT-2019-11720 · Jenkins · Jenkins Azure Ad Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure AD Plugin versions 0.3.3 and earlier Description: The issue concerns the storage of the client secret in the global config.xml configuration file on the Jenkins master or controller. This secret was stored unencrypted, allowing...