Lucene search
+L

301 matches found

Vulnrichment
Vulnrichment
added 2023/05/16 4:0 p.m.14 views

CVE-2023-32999

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

6.5AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/16 4:0 p.m.34 views

CVE-2023-32981

An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content...

8.8AI score0.01016EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/16 3:59 p.m.12 views

CVE-2023-32978

A cross-site request forgery CSRF vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

6.7AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.5 views

Jenkins Code Dx Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.0039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.4 views

PT-2023-22761 · Jenkins · Jenkins Turboscript Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins TurboScript Plugin versions 1.3 and earlier Description: A missing permission check in the plugin allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. Recommendations...

6.5CVSS6.2AI score0.0057EPSS
Exploits0References7
NVD
NVD
added 2023/04/02 9:15 p.m.26 views

CVE-2023-28675

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

4.3CVSS4.8AI score0.00425EPSS
Exploits0References1
NVD
NVD
added 2023/04/02 9:15 p.m.24 views

CVE-2023-28674

A cross-site request forgery CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

8.8CVSS8.7AI score0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/23 11:26 a.m.31 views

CVE-2023-28675

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

5.1AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/23 11:26 a.m.32 views

CVE-2023-28674

A cross-site request forgery CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

8.9AI score0.00362EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2023/03/23 11:26 a.m.27 views

CVE-2023-28674

A cross-site request forgery CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

8.8CVSS8.4AI score0.00362EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/02/23 12:1 a.m.7 views

plugin: Lack of authentication mechanism in Git Plugin webhook

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

7.5CVSS5.8AI score0.05563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/02/08 6:41 p.m.4 views

plugin: missing permission checks in Blue Ocean Plugin

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

6.5CVSS5.8AI score0.00835EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/02/08 6:41 p.m.7 views

plugin: CSRF vulnerability in Script Security Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...

4.3CVSS5.7AI score0.0061EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/02/08 6:41 p.m.7 views

plugin: Lack of authentication mechanism in Git Plugin webhook

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

7.5CVSS5.8AI score0.05563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/02/08 6:41 p.m.6 views

plugin: Lack of authentication mechanism in Git Plugin webhook

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

5.3CVSS5.8AI score0.00853EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/02/08 6:41 p.m.3 views

plugin: CSRF vulnerability in Blue Ocean Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...

6.5CVSS5.7AI score0.00675EPSS
Exploits0References5
OSV
OSV
added 2023/01/26 9:30 p.m.76 views

GHSA-PX2F-CQRF-F2QG CSRF vulnerability in Jenkins TestQuality Updater Plugin

A cross-site request forgery CSRF vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

8.8CVSS8.7AI score0.00515EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.21 views

Missing permission check in Jenkins BearyChat Plugin

A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.5CVSS6.5AI score0.00717EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/01/26 9:18 p.m.20 views

Default credentials

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

4CVSS6.3AI score0.00723EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.8 views

CVE-2023-24432

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.9AI score0.00515EPSS
Exploits0References1
Rows per page
Query Builder