74 matches found
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
CVE-2019-16576
CVE-2019-16576 affects Jenkins Alauda Kubernetes Support Plugin (versions 2.3.0 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, potenti...
CVE-2019-16576
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...
CVE-2019-16575
CVE-2019-16575 describes a cross-site request forgery in the Jenkins Alauda Kubernetes Support Plugin (versions ≤ 2.3.0). An attacker can coax the Jenkins instance to connect to a URL of their choosing using attacker-specified credentials IDs, potentially exposing the Kubernetes service account t...
CVE-2019-16574
CVE-2019-16574 affects the Jenkins Alauda DevOps Pipeline Plugin up to version 2.3.2. The root cause is a missing permission check that allows attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs, thereby potentially capturing credentials st...
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
CVE-2019-16574
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16573
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16573
The CVE-2019-16573 entry concerns a cross-site request forgery in the Jenkins Alauda DevOps Pipeline Plugin (version 2.3.2 and earlier). The vulnerability permits an attacker to cause the Jenkins instance to connect to an attacker‑specified URL using attacker‑specified credentials IDs, which can ...
PT-2019-14728 · Jenkins · Jenkins Alauda Devops Pipeline Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...
Insufficiently Protected Credentials
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2019-14730 · Jenkins · Jenkins Alauda Kubernetes Support Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the...
Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...