141 matches found
Jenkins Plugin ElasticBox CI 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin Sumologic Publisher 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-35149
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2023-32999
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...
CVE-2023-32991
A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...
PT-2023-24124 · Jenkins · Jenkins Saml Single Sign On(Sso) Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SAML Single Sign OnSSO Plugin versions 2.0.2 and earlier Description: The issue is related to missing permission checks in the Jenkins SAML Single Sign OnSSO Plugin, allowing attackers with Overall/Read permission to send an HTTP...
CVE-2023-30526
A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication...
CVE-2023-30525
A cross-site request forgery CSRF vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...
CVE-2023-24438
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications, and forms. A cross-site scripting vulnerability exists in Adobe Experience Manager Core Components 2.20.6 and prior versions, which originates when a victim accesses a...
CVE-2022-36920
A cross-site request forgery CSRF vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins OpenShift Deployer Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability ...
Jenkins OpenShift Deployer Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins OpenShift Deployer Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...
CVE-2022-34797
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
PT-2022-22346 · Jenkins · Jenkins Recipe Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Recipe Plugin versions 1.2 and earlier Description: The issue is related to missing permission checks in the Jenkins Recipe Plugin, allowing attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL a...
CVE-2022-34212
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...
CVE-2022-34211
A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...
PT-2022-22075 · Jenkins · Jenkins Jianliao Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Jianliao Notification Plugin versions 1.1 and earlier Description: A cross-site request forgery CSRF issue allows attackers to send HTTP POST requests to an attacker-specified URL. This can be exploited by attackers to perform...
Jenkins Plugin Jianliao Notification 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. POST requests to an attacker-specified URL...