40 matches found
Design/Logic Flaw
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Design/Logic Flaw
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41255
CVE-2022-41255 affects Jenkins with the CONS3RT Plugin 1.0.0 and earlier. The vulnerability is that the Cons3rt API token is stored unencrypted in job config.xml files on the Jenkins controller, where it can be viewed by users who have access to the controller filesystem. The available sources co...
CVE-2022-41254
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41254
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41254
CVE-2022-41254 is confirmed in the connected records as a vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier where there are missing permission checks that allow attackers with Overall/Read permissions to connect to an attacker-specified HTTP server using attacker-specified credentials IDs...
CVE-2022-41253
CVE-2022-41253 describes a CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier. The issue allows attackers, with Overall/Read permission, to cause the plugin to connect to an attacker‑specified HTTP server using attacker‑specified credentials IDs, thereby capturing credentials stored i...
CVE-2022-41253
A cross-site request forgery CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41253
A cross-site request forgery CSRF vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41252
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2022-41252
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2022-41252
The CVE CVE-2022-41252 affects Jenkins CONS3RT Plugin 1.0.0 and earlier. Description: missing permission checks in several HTTP endpoints allow users with Overall/Read permission to enumerate credentials IDs stored in Jenkins, enabling potential credential exposure. Root cause: insufficient acces...
PT-2022-25768 · Jenkins · Jenkins Cons3Rt Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: The issue is related to missing permission checks in the Jenkins CONS3RT Plugin, which allows users with Overall/Read permission to enumerate credentials IDs of credentials stored...
PT-2022-25770 · Jenkins · Jenkins Cons3Rt Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: The issue arises from missing permission checks in the Jenkins CONS3RT Plugin, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server usin...
Jenkins CONS3RT Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2022-25769 · Jenkins · Jenkins Cons3Rt Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...
PT-2022-25771 · Jenkins · Jenkins Cons3Rt Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: The issue allows users with access to the Jenkins controller file system to view the Cons3rt API token, which is stored unencrypted in job config.xml files on the Jenkins...
Jenkins CONS3RT Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...
Jenkins CONS3RT Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins CONS3RT Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...