Lucene search
K

58 matches found

NVD
NVD
added 2022/03/15 5:15 p.m.20 views

CVE-2022-27214

A cross-site request forgery CSRF vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS0.00472EPSS
Exploits0References2
OSV
OSV
added 2022/02/16 12:1 a.m.27 views

GHSA-M5WP-P3GJ-7Q5G Missing Authorization in Jenkins dbCharts Plugin

A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials...

8.8CVSS8.5AI score0.00787EPSS
Exploits0References3
NVD
NVD
added 2022/02/15 5:15 p.m.30 views

CVE-2022-25194

A cross-site request forgery CSRF vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...

8.8CVSS0.00527EPSS
Exploits0References1
Prion
Prion
added 2022/02/15 5:15 p.m.13 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...

6.8CVSS8.7AI score0.00684EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/01/12 8:15 p.m.37 views

CVE-2022-23111

A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

4.3CVSS0.26546EPSS
Exploits0References2
OSV
OSV
added 2020/09/16 2:15 p.m.16 views

CVE-2020-2272

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.6AI score
Exploits0References2
Cvelist
Cvelist
added 2020/09/16 1:20 p.m.33 views

CVE-2020-2273

A cross-site request forgery CSRF vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.6AI score0.00679EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.4 views

PT-2020-15497 · Jenkins · Jenkins Elastest Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins ElasTest Plugin versions 1.2.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.3AI score0.00656EPSS
Exploits0References6
Prion
Prion
added 2019/12/17 3:15 p.m.19 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...

4.3CVSS4.7AI score0.00679EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/10/23 12:45 p.m.28 views

CVE-2019-10465

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...

4.4AI score0.00788EPSS
Exploits0References2
OSV
OSV
added 2019/10/16 2:15 p.m.19 views

CVE-2019-10454

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.9AI score
Exploits0References1
Cvelist
Cvelist
added 2019/10/16 1:0 p.m.26 views

CVE-2019-10454

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.5AI score0.00665EPSS
Exploits0References1
OSV
OSV
added 2019/08/07 3:15 p.m.13 views

CVE-2019-10368

A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified...

8.8CVSS6.4AI score
Exploits0References5
NVD
NVD
added 2019/06/11 2:29 p.m.43 views

CVE-2019-10332

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.5AI score0.01829EPSS
Exploits0References3
Prion
Prion
added 2019/06/11 2:29 p.m.19 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.5AI score0.01058EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/06/11 1:15 p.m.24 views

CVE-2019-10331

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.5AI score0.01058EPSS
Exploits0References3
NVD
NVD
added 2018/08/01 1:29 p.m.18 views

CVE-2018-1999039

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials...

4.3CVSS4.6AI score0.00642EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2018/06/06 2:51 p.m.42 views

CVE-2018-1000183

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

6.5CVSS4.1AI score0.01013EPSS
Exploits0References2
Rows per page
Query Builder