Lucene search
+L

133 matches found

osv
osv
added 2023/01/26 9:30 p.m.76 views

GHSA-PX2F-CQRF-F2QG CSRF vulnerability in Jenkins TestQuality Updater Plugin

A cross-site request forgery CSRF vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

8.8CVSS8.7AI score0.00515EPSS
Exploits0References2
github
github
added 2023/01/26 9:30 p.m.21 views

Missing permission check in Jenkins BearyChat Plugin

A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.5CVSS6.5AI score0.00717EPSS
Exploits0References3Affected Software1
prion
prion
added 2023/01/26 9:18 p.m.18 views

Default credentials

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

4CVSS6.3AI score0.00723EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/01/24 12:0 a.m.46 views

CVE-2023-24458

A cross-site request forgery CSRF vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...

8.9AI score0.00556EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2023/01/24 12:0 a.m.11 views

CVE-2023-24452

A cross-site request forgery CSRF vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

7.1AI score0.00515EPSS
Exploits0References1
cvelist
cvelist
added 2023/01/24 12:0 a.m.41 views

CVE-2023-24435

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5AI score0.00821EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/10/19 12:0 a.m.5 views

CVE-2022-43418

A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.5AI score0.00397EPSS
Exploits0References2
cvelist
cvelist
added 2022/10/19 12:0 a.m.35 views

CVE-2022-43418

A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.8AI score0.00397EPSS
Exploits0References2
nvd
nvd
added 2022/09/21 4:15 p.m.27 views

CVE-2022-41245

A cross-site request forgery CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS0.00436EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2022/09/21 12:0 a.m.9 views

PT-2022-25761 · Jenkins · Jenkins Worksoft Execution Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Worksoft Execution Manager Plugin versions 10.0.3.503 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...

6.5CVSS6.4AI score0.00612EPSS
Exploits0References4
nvd
nvd
added 2022/07/27 3:15 p.m.25 views

CVE-2022-36920

A cross-site request forgery CSRF vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS0.00499EPSS
Exploits0References2
nvd
nvd
added 2022/07/27 3:15 p.m.32 views

CVE-2022-36911

A cross-site request forgery CSRF vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

6.5CVSS0.00397EPSS
Exploits0References2
osv
osv
added 2022/07/27 3:15 p.m.21 views

CVE-2022-36906

A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS6.5AI score
Exploits0References2
osv
osv
added 2022/07/27 3:15 p.m.7 views

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

4.3CVSS5.8AI score0.00505EPSS
Exploits0References2
prion
prion
added 2022/07/27 3:15 p.m.20 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS6.4AI score0.00479EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/07/27 2:29 p.m.34 views

CVE-2022-36921

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.2AI score0.0073EPSS
Exploits0References2
cvelist
cvelist
added 2022/07/27 2:27 p.m.28 views

CVE-2022-36911

A cross-site request forgery CSRF vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

7AI score0.00397EPSS
Exploits0References2
cvelist
cvelist
added 2022/07/27 2:26 p.m.42 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.9AI score0.00668EPSS
Exploits0References2
osv
osv
added 2022/06/24 12:0 a.m.31 views

GHSA-RQ99-93C5-33F6 Cross-Site Request Forgery in Jenkins ThreadFix Plugin

A cross-site request forgery CSRF vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS6.6AI score0.00617EPSS
Exploits0References3
github
github
added 2022/06/24 12:0 a.m.23 views

Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

6.5CVSS6.9AI score0.00468EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder