Lucene search
K

277 matches found

CNNVD
CNNVD
added 2023/12/13 12:0 a.m.4 views

Jenkins HTMLResource Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.1CVSS6.8AI score0.00493EPSS
Exploits0References4
OSV
OSV
added 2023/11/29 2:15 p.m.3 views

CVE-2023-49654

Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system...

9.8CVSS7.3AI score0.00789EPSS
Exploits0References2
OSV
OSV
added 2023/11/29 2:15 p.m.5 views

CVE-2023-49655

A cross-site request forgery CSRF vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system...

8.8CVSS5.7AI score0.00396EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/29 12:0 a.m.6 views

PT-2023-31280 · Jenkins · Jenkins Matlab Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MATLAB Plugin versions 2.11.0 and earlier Description: The issue arises from missing permission checks in the Jenkins MATLAB Plugin, allowing attackers to have Jenkins parse an XML file from the Jenkins controller file system...

9.8CVSS9.5AI score0.00789EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/10/30 11:10 a.m.7 views

Jenkins: Temporary file parameter created with insecure permissions

A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...

4.4CVSS7.3AI score0.00244EPSS
Exploits0References5
NVD
NVD
added 2023/10/25 6:17 p.m.31 views

CVE-2023-46655

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...

6.5CVSS7AI score0.01159EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/25 1:45 p.m.15 views

CVE-2023-46654

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...

7.1AI score0.0135EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/09/20 5:15 p.m.27 views

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

8.1CVSS6.9AI score0.008EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/09/20 4:6 p.m.17 views

CVE-2023-43498

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller...

6.6AI score0.008EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/15 12:0 a.m.5 views

ZZCMS Code Issues Vulnerabilities

ZZCMS is a content management system CMS from the China ZZCMS team. A security vulnerability exists in ZZCMS v.2023, which can be exploited to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

9.8CVSS7.4AI score0.01316EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.6 views

PT-2023-28328 · Zzcms +1 · Zzcms +1

Name of the Vulnerable Software and Affected Versions: zzCMS version 2023 Description: An issue in the software allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. Recommendations: For zzCMS version 2023, consider...

9.8CVSS9.6AI score0.01316EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.21 views

Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...

6.5CVSS6.7AI score0.00555EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.4 views

PT-2023-27396 · Jenkins · Jenkins Folders Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier Description: The issue concerns the Jenkins Folders Plugin, which displays an error message including the absolute path of a log file when attempting to access the Scan...

4.3CVSS4.5AI score0.00533EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.24 views

Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

8.8CVSS6.6AI score0.00423EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/06/19 9:15 p.m.4 views

CVE-2023-3315

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS5.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/06/19 10:15 a.m.4 views

Jenkins: Temporary file parameter created with insecure permissions

A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...

4.4CVSS7.3AI score0.00244EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/19 12:0 a.m.4 views

PT-2023-24190 · Jenkins · Jenkins Team Concert Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Team Concert Plugin versions 2.4.1 and earlier Description: The issue is related to missing permission checks in the Jenkins Team Concert Plugin, which allows attackers with Overall/Read permission to check for the existence of an...

4.3CVSS6.9AI score0.00497EPSS
Exploits0References5
OSV
OSV
added 2023/06/14 3:30 p.m.23 views

GHSA-WHGJ-6M78-2GG9 Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

6.5CVSS6.5AI score0.0063EPSS
Exploits0References3
OSV
OSV
added 2023/05/16 4:15 p.m.25 views

CVE-2023-32979

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...

4.3CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2023/05/16 4:15 p.m.24 views

Design/Logic Flaw

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...

4CVSS4.7AI score0.00503EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder