Lucene search
K

40 matches found

Prion
Prion
added 2022/09/21 4:15 p.m.30 views

Design/Logic Flaw

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

4CVSS6.3AI score0.00676EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/09/21 4:15 p.m.25 views

Design/Logic Flaw

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS6.3AI score0.00676EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/09/21 3:46 p.m.400 views

CVE-2022-41255

CVE-2022-41255 affects Jenkins with the CONS3RT Plugin 1.0.0 and earlier. The vulnerability is that the Cons3rt API token is stored unencrypted in job config.xml files on the Jenkins controller, where it can be viewed by users who have access to the controller filesystem. The available sources co...

6.5CVSS6.3AI score0.00676EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/21 3:46 p.m.30 views

CVE-2022-41254

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8AI score0.00676EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/21 3:46 p.m.4 views

CVE-2022-41254

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.4AI score0.00676EPSS
Exploits0References2
CVE
CVE
added 2022/09/21 3:46 p.m.89 views

CVE-2022-41254

CVE-2022-41254 is confirmed in the connected records as a vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier where there are missing permission checks that allow attackers with Overall/Read permissions to connect to an attacker-specified HTTP server using attacker-specified credentials IDs...

6.5CVSS6.2AI score0.00676EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/09/21 3:46 p.m.94 views

CVE-2022-41253

CVE-2022-41253 describes a CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier. The issue allows attackers, with Overall/Read permission, to cause the plugin to connect to an attacker‑specified HTTP server using attacker‑specified credentials IDs, thereby capturing credentials stored i...

8.8CVSS8.6AI score0.00485EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/21 3:46 p.m.27 views

CVE-2022-41253

A cross-site request forgery CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.9AI score0.00485EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/21 3:46 p.m.5 views

CVE-2022-41253

A cross-site request forgery CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5AI score0.00485EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/21 3:46 p.m.5 views

CVE-2022-41252

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

6.4AI score0.00544EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/21 3:46 p.m.23 views

CVE-2022-41252

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

5.2AI score0.00544EPSS
Exploits0References2
CVE
CVE
added 2022/09/21 3:46 p.m.89 views

CVE-2022-41252

The CVE CVE-2022-41252 affects Jenkins CONS3RT Plugin 1.0.0 and earlier. Description: missing permission checks in several HTTP endpoints allow users with Overall/Read permission to enumerate credentials IDs stored in Jenkins, enabling potential credential exposure. Root cause: insufficient acces...

4.3CVSS4.3AI score0.00544EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.2 views

PT-2022-25768 · Jenkins · Jenkins Cons3Rt Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: The issue is related to missing permission checks in the Jenkins CONS3RT Plugin, which allows users with Overall/Read permission to enumerate credentials IDs of credentials stored...

4.3CVSS4.2AI score0.00544EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.7 views

PT-2022-25770 · Jenkins · Jenkins Cons3Rt Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: The issue arises from missing permission checks in the Jenkins CONS3RT Plugin, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server usin...

6.5CVSS6.3AI score0.00676EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.5 views

Jenkins CONS3RT Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00544EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.2 views

PT-2022-25769 · Jenkins · Jenkins Cons3Rt Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

8.8CVSS8.5AI score0.00485EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.4 views

PT-2022-25771 · Jenkins · Jenkins Cons3Rt Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: The issue allows users with access to the Jenkins controller file system to view the Cons3rt API token, which is stored unencrypted in job config.xml files on the Jenkins...

6.5CVSS6.2AI score0.00676EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.6 views

Jenkins CONS3RT Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...

8.8CVSS7.8AI score0.00485EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.3 views

Jenkins CONS3RT Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00676EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.4 views

Jenkins CONS3RT Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00676EPSS
Exploits0References4
Rows per page
Query Builder