
300 matches found

OSV
added 2020/05/06 1:15 p.m. · 11 views

CVE-2020-2184

A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL...

CVSS 4.3 · AI score 6.6
Exploits: 0 · References: 2
Cvelist
added 2020/05/06 12:45 p.m. · 20 views

CVE-2020-2184

A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL...

AI score 4.5 · EPSS 0.44464
Exploits: 0 · References: 2
NVD
added 2019/12/17 3:15 p.m. · 13 views

CVE-2019-16575

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...

CVSS 8.8 · AI score 8.7 · EPSS 0.00863
Exploits: 0 · References: 2
Prion
added 2019/12/17 3:15 p.m. · 18 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...

CVSS 4.3 · AI score 4.7 · EPSS 0.00679
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2019/12/17 2:40 p.m. · 45 views

CVE-2019-16560

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...

AI score 8.7 · EPSS 0.00691
Exploits: 0 · References: 2
Cvelist
added 2019/10/23 12:45 p.m. · 27 views

CVE-2019-10465

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...

AI score 4.4 · EPSS 0.00788
Exploits: 0 · References: 2
OSV
added 2019/10/16 2:15 p.m. · 20 views

CVE-2019-10455

A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 · AI score 6.8
Exploits: 0 · References: 1
OSV
added 2019/10/16 2:15 p.m. · 18 views

CVE-2019-10454

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 · AI score 6.9
Exploits: 0 · References: 1
OSV
added 2019/10/16 2:15 p.m. · 17 views

CVE-2019-10437

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 · AI score 6.7
Exploits: 0 · References: 1
Prion
added 2019/10/16 2:15 p.m. · 15 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 · AI score 4.3 · EPSS 0.00623
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2019/10/16 1:00 p.m. · 26 views

CVE-2019-10454

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

AI score 4.5 · EPSS 0.00665
Exploits: 0 · References: 1
Cvelist
added 2019/10/16 1:00 p.m. · 24 views

CVE-2019-10441

A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

AI score 4.5 · EPSS 0.00665
Exploits: 0 · References: 1
Positive Technologies
added 2019/10/16 12:00 a.m. · 6 views

PT-2019-11848 · Jenkins · Jenkins Rundeck Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin (affected versions not specified). Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials. The plugin does not perform permission check...

CVSS 4.3 · AI score 4.3 · EPSS 0.00665
Exploits: 0 · References: 5
NVD
added 2019/08/07 3:15 p.m. · 20 views

CVE-2019-10389

A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

CVSS 4.3 · AI score 4.6 · EPSS 0.00615
Exploits: 0 · References: 2
OSV
added 2019/08/07 3:15 p.m. · 12 views

CVE-2019-10387

A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...

CVSS 6.5 · AI score 6.5
Exploits: 0 · References: 2
OSV
added 2019/08/07 3:15 p.m. · 17 views

CVE-2019-10386

A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...

CVSS 8.8 · AI score 6.5
Exploits: 0 · References: 2
OSV
added 2019/08/07 3:15 p.m. · 13 views

CVE-2019-10368

A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified...

CVSS 8.8 · AI score 6.4
Exploits: 0 · References: 5
Prion
added 2019/08/07 3:15 p.m. · 19 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

CVSS 4.3 · AI score 4.5 · EPSS 0.00636
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2019/08/07 2:20 p.m. · 27 views

CVE-2019-10388

A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

AI score 4.5 · EPSS 0.00636
Exploits: 0 · References: 2
Prion
added 2019/07/11 2:15 p.m. · 23 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

CVSS 6.8 · AI score 8.5 · EPSS 0.01397
Exploits: 0 · References: 3 · Affected Software: 1