Lucene search
K

40 matches found

Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.3 views

PT-2023-30144 · Cloudbees +1 · Jenkins Cloudbees Cd Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees CD Plugin versions 1.1.32 and earlier Description: The issue allows attackers who can configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. This i...

6.5CVSS6.4AI score0.01159EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.3 views

PT-2023-6543 · Cloudbees +1 · Jenkins Cloudbees Cd Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees CD Plugin versions 1.1.32 and earlier Description: The issue is related to the handling of symbolic links during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step. This allows attackers who can...

8.5CVSS7.8AI score0.0135EPSS
Exploits0References13
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.2 views

Jenkins Plugin CloudBees CD Backlinking Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.1CVSS6.7AI score0.0135EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 4:47 p.m.24 views

GHSA-66R6-RVV9-9X6M Jenkins ElectricFlow Plugin missing permission check

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

4.3CVSS4.4AI score0.01829EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 4:47 p.m.37 views

GHSA-XMQV-PFW7-QMJ7 Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation

CloudBees CD Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM during the deployment/publication of an application. CloudBees CD Plugin no longer does that. Instead, the existing opt-in option to ignore SSL/TLS errors is used during deployment fo...

6.5CVSS6.5AI score0.01303EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 4:47 p.m.12 views

GHSA-W3PJ-V9JR-V2WC Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability

The configuration forms of various post-build steps contributed by CloudBees CD Plugin were vulnerable to cross-site scripting. This allowed attackers able to control the output of connected ElectricFlow servers' APIs to inject arbitrary HTML and JavaScript into the configuration form. CloudBees ...

4.7CVSS6.1AI score0.01375EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 4:47 p.m.21 views

GHSA-M8F2-9282-X38V Jenkins ElectricFlow Plugin Missing permission checks

Various form validation and form autocompletion methods in CloudBees CD Plugin lacked permission checks. This allowed attackers with Overall/Read access to obtain information about the configuration of CloudBees CD Plugin, as well as the configuration and data of connected ElectricFlow servers...

4.3CVSS4.3AI score0.01353EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.25 views

Jenkins ElectricFlow Plugin missing permission check

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

4.3CVSS6.7AI score0.01829EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.24 views

Jenkins ElectricFlow Plugin cross-site request forgery vulnerability

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

4.3CVSS6.7AI score0.01058EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.19 views

Jenkins ElectricFlow Plugin Missing permission checks

Various form validation and form autocompletion methods in CloudBees CD Plugin lacked permission checks. This allowed attackers with Overall/Read access to obtain information about the configuration of CloudBees CD Plugin, as well as the configuration and data of connected ElectricFlow servers...

4.3CVSS6.4AI score0.01353EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.20 views

Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation

CloudBees CD Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM during the deployment/publication of an application. CloudBees CD Plugin no longer does that. Instead, the existing opt-in option to ignore SSL/TLS errors is used during deployment fo...

6.5CVSS6.8AI score0.01303EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2021/04/21 3:15 p.m.20 views

CVE-2021-21647

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission...

4.3CVSS0.01456EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/04/21 2:20 p.m.36 views

CVE-2021-21647

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission...

5.2AI score0.01456EPSS
Exploits0References2
CVE
CVE
added 2021/04/21 2:20 p.m.93 views

CVE-2021-21647

CVE-2021-21647 affects Jenkins CloudBees CD Plugin 1.1.21 and earlier. The root cause is a missing permission check on an HTTP endpoint, which allows attackers with Item/Read permission to schedule builds for projects without having Item/Build permission. Documented impact is that unauthorized us...

4.3CVSS4.8AI score0.01456EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/21 12:0 a.m.5 views

PT-2021-14690 · Cloudbees +1 · Jenkins Cloudbees Cd Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees CD Plugin versions 1.1.21 and earlier Description: The issue concerns a lack of permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build...

4.3CVSS4.3AI score0.01456EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.7 views

PT-2019-11736 · Jenkins +1 · Jenkins Electricflow Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.6 and earlier CloudBees CD Plugin affected versions not specified Description: A reflected cross-site scripting issue allows attackers to inject arbitrary HTML and JavaScript into job configuration form...

6.1CVSS5.9AI score0.01375EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.5 views

PT-2019-11733 · Jenkins +1 · Jenkins Electricflow Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: The issue concerns missing permission checks in various HTTP endpoints of the Jenkins ElectricFlow Plugin and form validati...

4.3CVSS4.4AI score0.01353EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.6 views

PT-2019-11734 · Cloudbees +1 · Cloudbees Cd Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: The issue concerns the disabling of SSL/TLS and hostname verification in Jenkins plugins. Specifically, the Jenkins...

6.5CVSS6.5AI score0.01303EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.4 views

PT-2019-11732 · Jenkins +1 · Jenkins Electricflow Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: A missing permission check in the ConfigurationdoTestConnection method allowed users with Overall/Read access to connect to...

4.3CVSS4.3AI score0.01829EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.9 views

PT-2019-11731 · Jenkins +1 · Jenkins Electricflow Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: A cross-site request forgery issue allows attackers to connect to a specified URL using specified credentials. This is due ...

4.3CVSS4.3AI score0.01058EPSS
Exploits0References8
Rows per page
Query Builder