8 matches found

Github Security Blog
added 2022/05/24 5:45 p.m., 25 views

CSRF vulnerability in Jenkins Build With Parameters Plugin

Jenkins Build With Parameters Plugin 1.5 and earlier does not require POST requests for its form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to build a project with attacker-specified parameters. Build With Parameters Plug...

CVSS 8.8 | AI score 8.2 | EPSS 0.00749
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2022/05/24 5:45 p.m., 16 views

GHSA-W24G-24QG-V4W2 CSRF vulnerability in Jenkins Build With Parameters Plugin

Jenkins Build With Parameters Plugin 1.5 and earlier does not require POST requests for its form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to build a project with attacker-specified parameters. Build With Parameters Plug...

CVSS 8.8 | AI score 8.6 | EPSS 0.00749
Exploits: 0 | References: 5
CNVD
added 2021/03/31 12:0 a.m., 8 views

CloudBees Jenkins Build With Parameters Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site scripting...

CVSS 5.4 | AI score 5.9 | EPSS 0.81907
Exploits: 0 | References: 1
CNVD
added 2021/03/31 12:0 a.m., 9 views

CloudBees Jenkins Build With Parameters Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site request forgery...

CVSS 8.8 | AI score 6.6 | EPSS 0.00749
Exploits: 0 | References: 1
NVD
added 2021/03/30 12:16 p.m., 17 views

CVE-2021-21629

A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters...

CVSS 8.8 | EPSS 0.00749
Exploits: 0 | References: 2
OSV
added 2021/03/30 12:16 p.m., 17 views

CVE-2021-21629

A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters...

CVSS 8.8 | AI score 6.7
Exploits: 0 | References: 2
CVE
added 2021/03/30 11:10 a.m., 80 views

CVE-2021-21629

CVE-2021-21629: A CSRF vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows an attacker to trigger builds with attacker-specified parameters via endpoints that do not require POST; sources (OSV/GHSA/NASL) indicate upgrading to 1.5.1 or later as the fix. No exploitation ...

CVSS 8.8 | AI score 8.6 | EPSS 0.00749
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/03/30 11:10 a.m., 84 views

CVE-2021-21628

The CVE-2021-21628 case concerns Jenkins Build With Parameters Plugin (versions ≤ 1.5). The underlying issue is that parameter names and descriptions are not escaped, enabling stored XSS. The vulnerability can be exploited by attackers who have Job/Configure permission. Public writeups from OSV a...

CVSS 5.4 | AI score 5.2 | EPSS 0.81907
Exploits: 0 | References: 2 | Affected Software: 1