
922 matches found

Github Security Blog
added 2022/05/24 4:47 p.m., 22 views

Jenkins ElectricFlow Plugin cross-site request forgery vulnerability

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00207
Exploits: 0, References: 5, Affected Software: 1

Github Security Blog
added 2022/05/24 4:47 p.m., 20 views

Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability

The configuration forms of various post-build steps contributed by CloudBees CD Plugin were vulnerable to cross-site scripting. This allowed attackers able to control the output of connected ElectricFlow servers' APIs to inject arbitrary HTML and JavaScript into the configuration form. CloudBees ...

CVSS: 6.1, AI score: 6.7, EPSS: 0.00061
Exploits: 0, References: 6, Affected Software: 1

Tenable Nessus
added 2022/05/24 12:0 a.m., 72 views

Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.13 / 2.332.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-05-17)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.13, or 2.x prior to 2.332.3.4. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Rundeck Plugin 3.6.10 and earlier does not...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00544
Exploits: 0, References: 29

Tenable Nessus
added 2022/05/23 12:0 a.m., 38 views

Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.8 / 2.303.x < 2.303.30.0.7 / 2.332.1.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-03-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.8, 2.303.x prior to 2.303.30.0.7, or 2.x prior to 2.332.1.5. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forge...

CVSS: 8.8, AI score: 6.1, EPSS: 0.01271
Exploits: 0, References: 25

OSV
added 2022/05/17 3:53 a.m., 2 views

GHSA-PV88-J6RG-R56P Jenkins allows attackers to obtain sensitive information

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...

CVSS: 3.5, AI score: 5.9, EPSS: 0.00085
Exploits: 0, References: 5

Tenable Nessus
added 2022/05/16 12:0 a.m., 146 views

Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.10 / 2.332.2.6 Multiple Vulnerabilities (CloudBees Security Advisory 2022-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.10, or 2.x prior to 2.332.2.6. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Pipeline: Shared Groovy Libraries Plugin...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00389
Exploits: 0, References: 18

vulnersOsv
added 2022/05/14 1:52 a.m., 5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +771 more potentially affected by CVE-2013-2033 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.509)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =1.0, =1.0, =1.2 - com.cloudbees.jenkins.plugins:cloudbees-credentials =3.3 and more Source cves: CVE-2013-2033 Source advisory: OSV:GHSA-826F-32QM-VM3J...

CVSS: 2.1, AI score: 5.8, EPSS: 0.00178
Exploits: 0

CNVD
added 2022/03/22 12:0 a.m., 25 views

Jenkins CloudBees AWS Credentials Plugin Permissions Licensing and Access Control Issues Vulnerability

Jenkins CloudBees AWS Credentials and Jenkins are both Jenkins open source products. Jenkins CloudBees AWS Credentials is an application plug-in. Jenkins is an application that allows storage of Amazon IAM credentials in the Jenkins Credentials API. An open source automation server, Jenkins provid...

CVSS: 4.3, AI score: 1.8, EPSS: 0.00031
Exploits: 0, References: 1

CNVD
added 2022/03/17 12:0 a.m., 16 views

Jenkins CloudBees AWS Credentials Plugin Cross-Site Request Forgery Vulnerability

Jenkins is a software project, a Java-based continuous integration tool for monitoring continuously recurring work, designed to provide an open and easy-to-use software platform that allows software projects to be continuously integrated. Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995...

CVSS: 6, AI score: 7.6, EPSS: 0.00083
Exploits: 0

Github Security Blog
added 2022/03/16 12:0 a.m., 22 views

CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 8, AI score: 4.7, EPSS: 0.00083
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2022/03/16 12:0 a.m., 0 views

GHSA-PV4M-7C68-F4C5 CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 8, AI score: 5.8, EPSS: 0.00083
Exploits: 0, References: 5

Github Security Blog
added 2022/03/16 12:0 a.m., 16 views

Missing permission checks in AWS Credentials Plugin

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00031
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2022/03/16 12:0 a.m., 12 views

GHSA-M9GV-4523-JFFM Missing permission checks in AWS Credentials Plugin

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 4.3, AI score: 4.7, EPSS: 0.00031
Exploits: 0, References: 3

OSV
added 2022/03/15 5:15 p.m., 3 views

CVE-2022-27199

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 4.3, AI score: 5.8
Exploits: 0, References: 2

ATTACKERKB
added 2022/03/15 5:15 p.m., 2 views

CVE-2022-27199

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00031
Exploits: 0, References: 3

NVD
added 2022/03/15 5:15 p.m., 10 views

CVE-2022-27199

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 4.3, EPSS: 0.00031
Exploits: 0, References: 2

OSV
added 2022/03/15 5:15 p.m., 3 views

CVE-2022-27198

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 8, AI score: 7.2
Exploits: 0, References: 2

ATTACKERKB
added 2022/03/15 5:15 p.m., 3 views

CVE-2022-27198

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 8, AI score: 5.8, EPSS: 0.00083
Exploits: 0, References: 3

Prion
added 2022/03/15 5:15 p.m., 14 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 6, AI score: 7.7, EPSS: 0.00083
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/03/15 5:15 p.m., 11 views

Information disclosure

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS: 4, AI score: 4.4, EPSS: 0.00031
Exploits: 0, References: 2, Affected Software: 1