7 matches found

CVE
added 2026/06/24 1:20 p.m. | 9 views

CVE-2026-57297

CVE-2026-57297 affects Jenkins via the Contrast Continuous Application Security Plugin (3.11 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access cause a connection to an attacker‑specified URL using attacker‑provided credentials (username, API key, s...

CVSS 4.3 | AI score 5.8 | EPSS 0.00187
Exploits 0 | References 1 | Affected software 1

Jenkins Security Advisories
added 2026/06/24 12:00 a.m. | 5 views

CSRF vulnerability and missing permission check in contrast-continuous-application-security

contrast-continuous-application-security 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, AP...

CVSS 5.4 | AI score 5.8 | EPSS 0.00187
Exploits 0 | Affected software 1

Cvelist
added 2026/05/26 10:01 p.m. | 35 views

CVE-2026-45298 Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)

Dozzle is a realtime log viewer for Docker containers. Prior to 10.5.2, in a default Dozzle deploy (the documented quickstart, with no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

CVSS 8.6 | EPSS 0.01491
Exploits 1 | References 2

ATTACKERKB
added 2026/05/05 7:56 p.m. | 5 views

CVE-2026-35527

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

CVSS 6.4 | AI score 5.8 | EPSS 0.00271
Exploits 2 | References 3 | Affected software 1

CVE
added 2025/10/29 1:29 p.m. | 10 views

CVE-2025-64139

CVE-2025-64139 affects Jenkins Start Windocks Containers Plugin versions 1.4 and earlier. A missing permission check on an HTTP endpoint allows an attacker with Overall/Read permission to connect to an attacker-specified URL. Related advisories corroborate that this wormable-like behavior is via ...

CVSS 4.3 | AI score 6.3 | EPSS 0.00227
Exploits 0 | References 2 | Affected software 1

AlpineLinux
added 2025/05/14 8:35 p.m. | 4 views

CVE-2025-47887

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

CVSS 4.3 | AI score 7 | EPSS 0.00292
Exploits 0 | References 1

OSV
added 2023/05/16 7:15 p.m. | 4 views

CVE-2023-2631

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVSS 4.3 | AI score 5.8 | EPSS 0.0039
Exploits 0 | References 1