25 matches found
CVE-2024-2215
A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
EUVD-2022-3197
Malicious code in bioql PyPI...
Jenkins docker-build-step Plugin missing permission check
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2024-2215
A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
CVE-2024-2215
A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
Design/Logic Flaw
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2024-2216
CVE-2024-2216 affects the Jenkins docker-build-step Plugin (versions 2.11 and earlier). The issue is a missing permission check on an HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL and to reconfigure the plugin using the p...
CVE-2024-2215
CVE-2024-2215 : CSRF vulnerability in Jenkins docker-build-step Plugin (version ≤ 2.11) allows an attacker to connect to an attacker-specified TCP/Unix socket URL and reconfigure the plugin using provided connection test parameters, impacting subsequent build step executions. The description from...
CVE-2024-2215
A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
CVE-2024-2215
A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2023-25762
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control job names...
CVE-2023-25762
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control job names...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.9 Multiple Vulnerabilities (CloudBees Security Advisory 2023-02-15)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.9. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Synopsys Coverity Plugin allow...
CVE-2023-25762
CVE-2023-25762 affects Jenkins Pipeline: Build Step Plugin 2.18 and earlier. The root cause is failure to escape job names in a JavaScript expression used by the Pipeline Snippet Generator, enabling a stored XSS vulnerability exploitable by attackers who can control job names. The provided docume...
Jenkins Build Step Plugin fails to check Item/Build permission
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...
GHSA-8JX9-7J5M-79X4 Jenkins Build Step Plugin fails to check Item/Build permission
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs...
GHSA-G84F-CMC8-682C Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs...