Lucene search

300 matches found

AlpineLinux
added 2022/03/15 4:45 p.m. · 88 views

CVE-2022-27198

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS 8 · AI score 4.9 · EPSS 0.00491
Exploits: 0 · References: 2
Prion
added 2022/03/09 5:15 p.m. · 17 views

Security feature bypass

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with an expected login form that then sends the clear text credentials to an attacker-specified server. This issue affects: openSUSE Build service...

CVSS 6.8 · AI score 8.4 · EPSS 0.00895
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2022/02/16 12:1 a.m. · 27 views

GHSA-M5WP-P3GJ-7Q5G Missing Authorization in Jenkins dbCharts Plugin

A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials...

CVSS 8.8 · AI score 8.5 · EPSS 0.00775
Exploits: 0 · References: 3
ATTACKERKB
added 2022/02/15 5:15 p.m. · 7 views

CVE-2022-25205

A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance...

CVSS 8.8 · AI score 7.2 · EPSS 0.00519
Exploits: 0 · References: 2
NVD
added 2022/02/15 5:15 p.m. · 22 views

CVE-2022-25194

A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...

CVSS 8.8 · EPSS 0.00519
Exploits: 0 · References: 1
Prion
added 2022/02/15 5:15 p.m. · 13 views

Cross-site request forgery (CSRF)

A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...

CVSS 6.8 · AI score 8.7 · EPSS 0.00673
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/02/15 12:0 a.m. · 4 views

PT-2022-17145 · Jenkins · Jenkins Dbcharts Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins dbCharts Plugin versions 0.5.2 and earlier

Description: A missing check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials...

CVSS 8.8 · AI score 8.4 · EPSS 0.00775
Exploits: 0 · References: 5
CNNVD
added 2022/02/15 12:0 a.m. · 4 views

Jenkins plug-in cross-site request forgery vulnerability

Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. The Jenkins Checkmarx Plugin has a cross-site request forgery vulnerability. The vulnerability can be exploited by an attacker to connect to an attacker-specified web server via an attacker-specified credential ID to capture...

CVSS 8.8 · AI score 5.4 · EPSS 0.00544
Exploits: 0 · References: 6
NVD
added 2022/01/12 8:15 p.m. · 37 views

CVE-2022-23111

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3 · EPSS 0.26546
Exploits: 0 · References: 2
ATTACKERKB
added 2022/01/12 8:15 p.m. · 7 views

CVE-2022-20614

A missing permission check in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...

CVSS 4.3 · AI score 6.6 · EPSS 0.0111
Exploits: 0 · References: 4
Cvelist
added 2022/01/12 7:5 p.m. · 38 views

CVE-2022-20619

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 7.6 · EPSS 0.00655
Exploits: 0 · References: 2
RedHat Linux
added 2021/06/22 7:58 a.m. · 3 views

jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID...

CVSS 5.8 · AI score 6.2 · EPSS 0.01053
Exploits: 0 · References: 4
AlpineLinux
added 2021/06/10 2:25 p.m. · 27 views

CVE-2021-21665

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

CVSS 8.8 · AI score 5 · EPSS 0.00662
Exploits: 0 · References: 2
NVD
added 2021/03/30 12:16 p.m. · 29 views

CVE-2021-21632

A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...

CVSS 6.5 · EPSS 0.01051
Exploits: 0 · References: 2
OSV
added 2021/03/30 12:16 p.m. · 15 views

CVE-2021-21638

A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 · AI score 6.5
Exploits: 0 · References: 2
CNNVD
added 2021/03/30 12:0 a.m. · 4 views

Jenkins OWASP Dependency-Track cross-site request forgery vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and the execution of some scheduled tasks. A cross-site request forgery...

CVSS 8.8 · AI score 5.8 · EPSS 0.0077
Exploits: 0 · References: 5
OSV
added 2020/09/16 2:15 p.m. · 16 views

CVE-2020-2272

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 · AI score 6.6
Exploits: 0 · References: 2
NVD
added 2020/09/16 2:15 p.m. · 30 views

CVE-2020-2255

A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVSS 4.3 · EPSS 0.00849
Exploits: 0 · References: 2
Cvelist
added 2020/09/16 1:20 p.m. · 31 views

CVE-2020-2273

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

AI score 4.6 · EPSS 0.00679
Exploits: 0 · References: 2
Positive Technologies
added 2020/09/16 12:0 a.m. · 4 views

PT-2020-15497 · Jenkins · Jenkins Elastest Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins ElasTest Plugin versions 1.2.1 and earlier

Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 · AI score 4.3 · EPSS 0.00656
Exploits: 0 · References: 6