58 matches found
CVE-2022-27214
A cross-site request forgery CSRF vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
GHSA-M5WP-P3GJ-7Q5G Missing Authorization in Jenkins dbCharts Plugin
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials...
CVE-2022-25194
A cross-site request forgery CSRF vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-23111
A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2020-2272
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2020-2273
A cross-site request forgery CSRF vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
PT-2020-15497 · Jenkins · Jenkins Elastest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasTest Plugin versions 1.2.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2019-10465
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...
CVE-2019-10454
A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10454
A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10368
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified...
CVE-2019-10332
A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10331
A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2018-1999039
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials...
CVE-2018-1000183
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...