Lucene search

296 matches found

RedhatCVE
added 2025/05/22 4:14 a.m. | 5 views

CVE-2019-10332

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | AI score 6.6 | EPSS 0.01829
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:12 a.m. | 6 views

CVE-2019-1003016

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java,...

CVSS 8.8 | AI score 6 | EPSS 0.01023
Exploits: 0 | References: 1
Github Security Blog
added 2025/05/14 9:31 p.m. | 8 views

Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery

A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 4.3 | AI score 6.7 | EPSS 0.00213
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog
added 2025/05/14 9:31 p.m. | 11 views

Jenkins Cadence vManager Plugin is Missing Permission Checks

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 4.3 | AI score 6.6 | EPSS 0.00278
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2025/05/14 8:35 p.m. | 45 views

CVE-2025-47887

CVE-2025-47887 concerns the Jenkins Cadence vManager Plugin. The root cause is missing permission checks in form validation methods, enabling attackers with Overall/Read to make the plugin connect to an attacker-specified URL using attacker-specified credentials. This also implies a CSRF risk sin...

CVSS 4.3 | AI score 6.9 | EPSS 0.00278
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/05/14 8:35 p.m. | 21 views

CVE-2025-47886

A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

EPSS 0.00213
Exploits: 0 | References: 1
CNNVD
added 2024/06/26 12:0 a.m. | 2 views

Jenkins plugin Cadence vManager cross-site request forgery vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security vulnerability...

CVSS 4.3 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 2
CNNVD
added 2024/06/26 12:0 a.m. | 2 views

Google Nearby Security Breach

Google Nearby is a series of connectivity-focused projects from the American company Google, Inc. for building cross-device experiences. Google Nearby version 1.0.1724.0 previously had a security vulnerability that stemmed from the ability to force an attacked person to connect to an...

CVSS 5.9 | AI score 6.6 | EPSS 0.00225
Exploits: 0 | References: 6
Github Security Blog
added 2024/01/24 6:31 p.m. | 33 views

CSRF vulnerability in Jenkins GitLab Branch Source Plugin

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL. GitLab Branch Source Plugin...

CVSS 4.3 | AI score 4.4 | EPSS 0.00323
Exploits: 0 | References: 5 | Affected Software: 1
Prion
added 2024/01/24 6:15 p.m. | 14 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

CVSS 4.3 | AI score 6.8 | EPSS 0.00323
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/01/24 5:52 p.m. | 7 views

CVE-2024-23902

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

AI score 6.9 | EPSS 0.00323
Exploits: 0 | References: 2
AlpineLinux
added 2024/01/24 5:52 p.m. | 30 views

CVE-2024-23902

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

CVSS 4.3 | AI score 7 | EPSS 0.00323
Exploits: 0 | References: 2
Cvelist
added 2024/01/24 5:52 p.m. | 33 views

CVE-2024-23902

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

AI score 5.2 | EPSS 0.00323
Exploits: 0 | References: 2
Cvelist
added 2023/12/13 5:30 p.m. | 22 views

CVE-2023-50778

A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token...

AI score 8.9 | EPSS 0.00414
Exploits: 0 | References: 2
Vulnrichment
added 2023/11/29 1:45 p.m. | 14 views

CVE-2023-49673

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...

AI score 8.7 | EPSS 0.00447
Exploits: 0 | References: 2
Tenable Nessus
added 2023/10/23 12:0 a.m. | 34 views

Ubuntu 16.04 ESM : Puppet vulnerabilities (USN-4804-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4804-1 advisory. It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or...

CVSS 8.2 | AI score 7.8 | EPSS 0.02395
Exploits: 0 | References: 3
NVD
added 2023/09/06 1:15 p.m. | 16 views

CVE-2023-41946

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified...

CVSS 3.5 | AI score 5.3 | EPSS 0.00271
Exploits: 0 | References: 2
Cvelist
added 2023/09/06 12:9 p.m. | 17 views

CVE-2023-41946

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified...

AI score 4.7 | EPSS 0.00271
Exploits: 0 | References: 2
AlpineLinux
added 2023/08/21 10:34 p.m. | 20 views

CVE-2023-4301

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 5.4 | AI score 6.8 | EPSS 0.00196
Exploits: 0 | References: 1
NVD
added 2023/07/12 4:15 p.m. | 9 views

CVE-2023-37955

A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 6.5 | EPSS 0.00384
Exploits: 0 | References: 2