43 matches found
PT-2019-11731 · Jenkins +1 · Jenkins Electricflow Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: A cross-site request forgery issue allows attackers to connect to a specified URL using specified credentials. This is due ...
PT-2019-11733 · Jenkins +1 · Jenkins Electricflow Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: The issue concerns missing permission checks in various HTTP endpoints of the Jenkins ElectricFlow Plugin and form validati...
PT-2019-11734 · Cloudbees +1 · Cloudbees Cd Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: The issue concerns the disabling of SSL/TLS and hostname verification in Jenkins plugins. Specifically, the Jenkins...