Jenkins ElectricFlow Plugin is vulnerable to reflected cross-site scripting
The configuration forms of various post-build steps contributed by CloudBees CD Plugin were vulnerable to cross-site scripting. This allowed attackers able to control the output of connected ElectricFlow servers' APIs to inject arbitrary HTML and JavaScript into the configuration form. CloudBees ...
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.13 / 2.332.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-05-17)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.13, or 2.x prior to 2.332.3.4. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Rundeck Plugin 3.6.10 and earlier does not...
Jenkins CloudBees AWS Credentials Plugin Permissions Licensing and Access Control Issues Vulnerability
Jenkins CloudBees AWS Credentials and Jenkins are both Jenkins open source products. Jenkins CloudBees AWS Credentials is an application plug-in. Jenkins is an application that allows storage of Amazon IAM credentials in the Jenkins Credentials API. An open source automation server, Jenkins provid...
Jenkins CloudBees AWS Credentials Plugin Cross-Site Request Forgery Vulnerability
Jenkins is a software project, a Java-based continuous integration tool for monitoring continuously recurring work, designed to provide an open and easy-to-use software platform that allows software projects to be continuously integrated. Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995...
GHSA-PV4M-7C68-F4C5 CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
GHSA-M9GV-4523-JFFM Missing permission checks in AWS Credentials Plugin
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
Missing permission checks in AWS Credentials Plugin
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CVE-2022-27199
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
Information disclosure
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CVE-2022-27199
CVE-2022-27199 corresponds to a vulnerability in Jenkins CloudBees AWS Credentials Plugin (versions 189.v3551d5642995 and earlier) caused by a missing permission check. This flaw lets attackers with Overall/Read permission connect to an AWS service using an attacker-specified token, as described ...
CVE-2022-27198
CVE-2022-27198 is a CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin (versions 189.v3551d5642995 and earlier). It allows attackers with Overall/Read permission to perform actions against AWS services using an attacker-specified token. The connected advisories confirm the issue...
CVE-2022-27198
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.7 / 2.303.x < 2.303.30.0.6 / 2.319.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-02-15)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.7, 2.303.x prior to 2.303.30.0.6, or 2.x prior to 2.319.3.4. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Pipeline: Groovy...
Jenkins Enterprise and Operations Center < 2.249.31.0.3 / 2.277.4.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-05-05)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.3, or 2.x prior to 2.277.4.2. It is, therefore, affected by multiple vulnerabilities, including the following: - Missing permission checks in ItemReplicationLive /...
Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Code Coverage API...
CloudBees Jenkins Markdown Formatter Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run some scheduled tasks. A cross-site scripting...