Lucene search
K

74 matches found

Prion
Prion
added 2019/12/17 3:15 p.m.16 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8CVSS8.5AI score0.00691EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/12/17 3:15 p.m.16 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...

6.8CVSS8.6AI score0.00863EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/12/17 2:40 p.m.71 views

CVE-2019-16576

CVE-2019-16576 affects Jenkins Alauda Kubernetes Support Plugin (versions 2.3.0 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, potenti...

6.5CVSS6.3AI score0.00852EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/17 2:40 p.m.17 views

CVE-2019-16576

A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...

6.4AI score0.00852EPSS
Exploits0References2
CVE
CVE
added 2019/12/17 2:40 p.m.65 views

CVE-2019-16575

CVE-2019-16575 describes a cross-site request forgery in the Jenkins Alauda Kubernetes Support Plugin (versions ≤ 2.3.0). An attacker can coax the Jenkins instance to connect to a URL of their choosing using attacker-specified credentials IDs, potentially exposing the Kubernetes service account t...

8.8CVSS8.6AI score0.00863EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/12/17 2:40 p.m.72 views

CVE-2019-16574

CVE-2019-16574 affects the Jenkins Alauda DevOps Pipeline Plugin up to version 2.3.2. The root cause is a missing permission check that allows attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs, thereby potentially capturing credentials st...

6.5CVSS6.2AI score0.00852EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/17 2:40 p.m.18 views

CVE-2019-16575

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...

8.7AI score0.00863EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/12/17 2:40 p.m.36 views

CVE-2019-16574

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.3AI score0.00852EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/12/17 2:40 p.m.22 views

CVE-2019-16573

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.7AI score0.00691EPSS
Exploits0References2
CVE
CVE
added 2019/12/17 2:40 p.m.64 views

CVE-2019-16573

The CVE-2019-16573 entry concerns a cross-site request forgery in the Jenkins Alauda DevOps Pipeline Plugin (version 2.3.2 and earlier). The vulnerability permits an attacker to cause the Jenkins instance to connect to an attacker‑specified URL using attacker‑specified credentials IDs, which can ...

8.8CVSS8.5AI score0.00691EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/12/17 12:0 a.m.4 views

PT-2019-14728 · Jenkins · Jenkins Alauda Devops Pipeline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...

8.8CVSS8.5AI score0.00691EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2019/12/17 12:0 a.m.28 views

Insufficiently Protected Credentials

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS4.6AI score0.00852EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/12/17 12:0 a.m.6 views

PT-2019-14730 · Jenkins · Jenkins Alauda Kubernetes Support Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the...

8.8CVSS8.5AI score0.00863EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2019/12/17 12:0 a.m.38 views

Cross-Site Request Forgery (CSRF)

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS4.6AI score0.00691EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder