Lucene search
K

4 matches found

Snyk
Snyk
added 2025/04/02 3:31 p.m.6 views

Missing Authorization

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization in the doCreateItem method. A user with Computer/Create permission can copy an agent and thereby access its configuration. Remediation Upgrade...

5.3CVSS6.8AI score0.0039EPSS
Exploits0References2
OSV
OSV
added 2025/04/02 3:31 p.m.2 views

GHSA-565R-PF5Q-45V6 Jenkins Missing Permission Check

Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration. Jenkins 2.504, LTS 2.492.3 require...

4.3CVSS6.8AI score0.0039EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/02 3:15 p.m.4 views

CVE-2025-31720

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration...

4.3CVSS7.7AI score0.0039EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/02 3:15 p.m.4 views

CVE-2025-31721

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...

4.3CVSS7.7AI score0.00375EPSS
Exploits0References1
Rows per page
Query Builder