Lucene search
K

300 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:5 a.m.7 views

CVE-2023-37949

A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS6.4AI score0.00525EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.10 views

CVE-2023-30525

A cross-site request forgery CSRF vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...

8.8CVSS6.8AI score0.0078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.7 views

CVE-2023-24458

A cross-site request forgery CSRF vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...

8.8CVSS6.7AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:4 a.m.5 views

CVE-2022-25206

A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials...

8.8CVSS6.6AI score0.00787EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:38 p.m.9 views

CVE-2022-41228

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials...

8.8CVSS6.6AI score0.00827EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:37 p.m.7 views

CVE-2022-41245

A cross-site request forgery CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.7AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:28 p.m.7 views

CVE-2022-41253

A cross-site request forgery CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.6AI score0.00485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:28 p.m.8 views

CVE-2022-41254

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.5AI score0.00676EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.8 views

CVE-2022-36921

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.1CVSS6.4AI score0.0073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:7 p.m.8 views

CVE-2022-41246

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.5AI score0.00612EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:5 p.m.7 views

CVE-2022-34780

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.6AI score0.00468EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:3 p.m.8 views

CVE-2022-34797

A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...

4.3CVSS6.8AI score0.00558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:2 p.m.9 views

CVE-2022-34209

A cross-site request forgery CSRF vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL...

6.5CVSS6.7AI score0.00617EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 p.m.6 views

CVE-2022-25195

A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.5AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.17 views

CVE-2021-21664

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...

6.5CVSS6.4AI score0.00991EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:5 p.m.10 views

CVE-2020-2093

A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient...

8.8CVSS6.6AI score0.00844EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 1:14 p.m.8 views

CVE-2018-1000186

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

6.5CVSS6.1AI score0.00988EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:52 p.m.10 views

CVE-2018-1999039

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials...

4.3CVSS6.7AI score0.00642EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 a.m.34 views

CVE-2019-1003081

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score0.01536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:30 a.m.14 views

CVE-2019-10468

A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.5AI score0.00678EPSS
Exploits0References1
Rows per page
Query Builder