11 matches found

ATTACKERKB
added 2026/06/24 1:20 p.m. · 5 views

CVE-2026-57305

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

CVSS 5.4 · AI score 5.8 · EPSS 0.00128
Exploits: 0 · References: 2
ATTACKERKB
added 2026/06/24 1:20 p.m. · 5 views

CVE-2026-57292

A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

CVSS 5.4 · AI score 5.8 · EPSS 0.00101
Exploits: 0 · References: 2
Tenable Nessus
added 2026/05/14 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-8328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with...

CVSS 5.9 · AI score 7 · EPSS 0.02511
Exploits: 0 · References: 3
NVD
added 2026/04/15 7:16 p.m. · 9 views

CVE-2026-34244

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

CVSS 5 · EPSS 0.0024
Exploits: 0 · References: 2
Cvelist
added 2026/03/06 7:3 a.m. · 34 views

CVE-2026-29049 melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI

melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, `melange update-cache` downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout (pkg/renovate/cache/cache.go). An attacker-controlled URI in a melange config can cau...

CVSS 4.3 · EPSS 0.00177
Exploits: 0 · References: 1
ATTACKERKB
added 2022/07/27 3:15 p.m. · 4 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 6.5 · AI score 5.8 · EPSS 0.00668
Exploits: 0 · References: 4
CNNVD
added 2022/07/27 12:0 a.m. · 4 views

Jenkins Coverity Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site request forge...

CVSS 8.8 · AI score 7.8 · EPSS 0.00499
Exploits: 0 · References: 6
ATTACKERKB
added 2022/06/30 6:15 p.m. · 3 views

CVE-2022-34792

A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

CVSS 8 · AI score 5.8 · EPSS 0.0047
Exploits: 0 · References: 2
ATTACKERKB
added 2022/06/23 5:15 p.m. · 3 views

CVE-2022-34211

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

CVSS 6.5 · AI score 5.9 · EPSS 0.00468
Exploits: 0 · References: 2
Positive Technologies
added 2022/02/15 12:0 a.m. · 3 views

PT-2022-17150 · Jenkins · Jenkins Swamp Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SWAMP Plugin versions 1.2.6 and earlier
Description: A missing permission check in the Jenkins SWAMP Plugin allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified...

CVSS 8.8 · AI score 8.4 · EPSS 0.01093
Exploits: 0 · References: 7
Positive Technologies
added 2021/06/10 12:0 a.m. · 7 views

PT-2021-14706 · Xebialabs +1 · Jenkins Xebialabs Xl Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin versions 7.5.8 and earlier
Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs...

CVSS 4.3 · AI score 4.2 · EPSS 0.01001
Exploits: 0 · References: 7