922 matches found
CVE-2020-2094
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient...
CVE-2020-2094
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient...
CVE-2020-2093
CVE-2020-2093 : In Jenkins Health Advisor by CloudBees Plugin (versions 3.0 and earlier), a CSRF flaw exists where methods performing form validation do not enforce permission checks, enabling users with Overall/Read access to send emails with fixed content to attacker-specified recipients. The i...
CVE-2020-2093
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient...
CVE-2020-2093
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient...
PT-2020-15299 · Cloudbees +1 · Health Advisor +1
Name of the Vulnerable Software and Affected Versions: Health Advisor by CloudBees Plugin versions 3.0 and earlier Description: A cross-site request forgery issue allows attackers to send an email with fixed content to a specified recipient. The problem arises because the plugin does not perform...
CloudBees Jenkins Build Failure Analyzer Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins Build Failure Analyzer Plugin 1.24.1 and prior versions. The vulnerability stems from a lack of...
CloudBees Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A cross-site request forgery vulnerability exists in CloudBees Jenkins Build Failure Analyzer Plugin 1.24.1 and prior versions. The vulnerability stems from a WEB...
CloudBees Jenkins Gerrit Trigger plugin cross-site request forgery vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A cross-site request forgery vulnerability exists in CloudBees Jenkins Gerrit Trigger Plugin 2.30.1 and prior versions. The vulnerability stems from a WEB...
Unspecified Vulnerability in CloudBees Jenkins Redgate SQL Change Automation Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A security vulnerability exists in CloudBees Jenkins Redgate SQL Change Automation Plugin 2.0.3 and prior versions, which stems from the program storing credentia...
Unspecified Vulnerability in CloudBees Jenkins Rundeck Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Rundeck Plugin is used in one of the...
CloudBees Jenkins RapidDeploy Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...
CloudBees Jenkins Team Concert Plugin Authorization Issue Vulnerability (CNVD-2020-11656)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in the methods related to forms in CloudBees Jenkins Team Concert Plugin 1.3.0 and prior versions. The vulnerability...
CloudBees Jenkins buildgraph-view Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A cross-site scripting vulnerability exists in CloudBees Jenkins buildgraph-view Plugin 1.8 and earlier versions. The vulnerability stems from a WEB application t...
CloudBees Jenkins Alauda DevOps Pipeline plugin authorization issue vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...
CloudBees Jenkins Team Concert Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...
CloudBees Jenkins SCTMExecutor Plugin Credential Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A credential disclosure vulnerability exists in CloudBees Jenkins SCTMExecutor Plugin 2.2 and prior versions, which originates when the program passes encrypted...
CloudBees Jenkins Mantis Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A cross-site request forgery vulnerability exists in CloudBees Jenkins Mantis Plugin version 0.26 and earlier. The vulnerability stems from a WEB application that...
CloudBees Jenkins Team Concert Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins Team Concert Plugin 1.3.0 and prior versions. The vulnerability stems from a lack of authenticati...
CloudBees Jenkins Mission Control Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A cross-site scripting vulnerability exists in CloudBees Jenkins Mission Control Plugin version 0.9.16 and earlier. The vulnerability stems from the failure of a...