300 matches found

NVD
added 2022/06/23 5:15 p.m., 14 views

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVSS 6.5, EPSS 0.0057
Exploits: 0, References: 1

ATTACKERKB
added 2022/06/23 5:15 p.m., 3 views

CVE-2022-34203

A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...

CVSS 8.8, AI score 6.6, EPSS 0.00503
Exploits: 0, References: 2

OSV
added 2022/06/23 5:15 p.m., 4 views

CVE-2022-34203

A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...

CVSS 8.8, AI score 5.7
Exploits: 0, References: 1

NVD
added 2022/06/23 5:15 p.m., 42 views

CVE-2022-34207

A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL...

CVSS 6.5, EPSS 0.00468
Exploits: 0, References: 1

ATTACKERKB
added 2022/06/23 5:15 p.m., 2 views

CVE-2022-34200

A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

CVSS 8.8, AI score 6.6, EPSS 0.00503
Exploits: 0, References: 2

Cvelist
added 2022/06/22 2:41 p.m., 36 views

CVE-2022-34206

A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL...

AI score 6.8, EPSS 0.00521
Exploits: 0, References: 1

CNNVD
added 2022/06/22 12:0 a.m., 21 views

Jenkins Plugin vRealize Orchestrator cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins vRealize Orchestrator Plugin 3.0...

CVSS 5.7, AI score 5.7, EPSS 0.00619
Exploits: 0, References: 4

OSV
added 2022/05/24 5:28 p.m., 17 views

GHSA-66RM-WG7M-8PGV CSRF vulnerability in Jenkins ElasTest Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3, AI score 4.5, EPSS 0.00679
Exploits: 0, References: 4

GitHub Security Blog
added 2022/05/24 5:28 p.m., 27 views

CSRF vulnerability in Jenkins ElasTest Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3, AI score 5, EPSS 0.00679
Exploits: 0, References: 4, Affected Software: 1

GitHub Security Blog
added 2022/05/24 5:28 p.m., 23 views

Missing permission checks in Jenkins ElasTest Plugin

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3, AI score 4.5, EPSS 0.00656
Exploits: 0, References: 4, Affected Software: 1

GitHub Security Blog
added 2022/05/24 4:52 p.m., 22 views

Jenkins JClouds Plugin missing permission check

Jenkins JClouds Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ...

CVSS 6.5, AI score 6.5, EPSS 0.00974
Exploits: 0, References: 10, Affected Software: 1

ATTACKERKB
added 2022/05/17 3:15 p.m., 1 view

CVE-2022-30954

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

CVSS 6.5, AI score 6.6, EPSS 0.00782
Exploits: 0, References: 3

OSV
added 2022/05/14 3:13 a.m., 12 views

GHSA-26HW-262C-G9GC Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin

An exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

CVSS 6.5, AI score 6.2, EPSS 0.00988
Exploits: 0, References: 2

OSV
added 2022/05/14 2:57 a.m., 15 views

GHSA-HP7X-282P-HHR9 Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...

CVSS 6.5, AI score 6.4, EPSS 0.00862
Exploits: 0, References: 5

GitHub Security Blog
added 2022/05/14 2:57 a.m., 19 views

Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...

CVSS 6.5, AI score 6.7, EPSS 0.00862
Exploits: 0, References: 5, Affected Software: 1

GitHub Security Blog
added 2022/05/13 1:31 a.m., 17 views

CSRF vulnerability in jenkins-reviewbot Plugin

A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5, AI score 6.6, EPSS 0.01296
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2022/05/13 1:31 a.m., 20 views

GHSA-G3RG-CJ5X-3VPF CSRF vulnerability in jenkins-reviewbot Plugin

A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5, AI score 6.3, EPSS 0.01296
Exploits: 0, References: 4

OSV
added 2022/05/13 1:25 a.m., 11 views

GHSA-6J5J-W6V4-RWQR Jenkins VMware Lab Manager Slaves Plugin vulnerable CSRF vulnerability

A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5, AI score 6.3, EPSS 0.00719
Exploits: 0, References: 3

GitHub Security Blog
added 2022/05/13 1:25 a.m., 26 views

CSRF vulnerability in Jenkins Gearman Plugin

A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5, AI score 6.6, EPSS 0.01296
Exploits: 0, References: 5, Affected Software: 1

GitHub Security Blog
added 2022/05/13 1:25 a.m., 20 views

CSRF vulnerability in Jenkins sinatra-chef-builder Plugin

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

CVSS 6.5, AI score 6.6, EPSS 0.01296
Exploits: 0, References: 5, Affected Software: 1