Lucene search
K

58 matches found

Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.19 views

Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS7.6AI score0.00651EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/06/24 12:0 a.m.129 views

Jenkins Convertigo Mobile Platform Plugin跨站请求伪造漏洞(CNVD-2022-49790)

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from a failure to perform permission checks in the...

8.8CVSS1.7AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.160 views

Jenkins Convertigo Mobile Platform Plugin跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site request forgery vulnerability...

6.5CVSS1.7AI score0.00574EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.153 views

Jenkins Convertigo Mobile Platform Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Convertigo Mobile Platform Plug...

6.5CVSS0.7AI score0.00651EPSS
Exploits0References1
OSV
OSV
added 2022/06/23 5:15 p.m.2 views

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.5CVSS6.4AI score0.00574EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.2 views

CVE-2022-34200

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

8.8CVSS6.6AI score0.00503EPSS
Exploits0References2
OSV
OSV
added 2022/06/23 5:15 p.m.4 views

CVE-2022-34199

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS6.4AI score0.00651EPSS
Exploits0References1
NVD
NVD
added 2022/06/23 5:15 p.m.21 views

CVE-2022-34199

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS0.00651EPSS
Exploits0References1
NVD
NVD
added 2022/06/23 5:15 p.m.15 views

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.5CVSS0.00574EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.1 views

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.5CVSS6.5AI score0.00574EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.2 views

CVE-2022-34199

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS6.5AI score0.00651EPSS
Exploits0References2
NVD
NVD
added 2022/06/23 5:15 p.m.22 views

CVE-2022-34200

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

8.8CVSS0.00503EPSS
Exploits0References1
OSV
OSV
added 2022/06/23 5:15 p.m.2 views

CVE-2022-34200

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

8.8CVSS6.3AI score0.00503EPSS
Exploits0References1
Prion
Prion
added 2022/06/23 5:15 p.m.18 views

Design/Logic Flaw

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4CVSS6.3AI score0.00651EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/06/23 5:15 p.m.18 views

Information disclosure

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

4CVSS6.2AI score0.00574EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/06/23 5:15 p.m.19 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

6.8CVSS8.6AI score0.00503EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/22 2:41 p.m.120 views

CVE-2022-34201

The connected documents confirm CVE-2022-34201 affects Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier, caused by a missing permission check in a form-validation method, enabling attackers with Overall/Read to connect to an attacker-specified URL (CSRF risk noted). As of publication, th...

6.5CVSS6.2AI score0.00574EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/22 2:41 p.m.22 views

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

7.9AI score0.00574EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/22 2:41 p.m.21 views

CVE-2022-34200

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

9.2AI score0.00503EPSS
Exploits0References1
CVE
CVE
added 2022/06/22 2:41 p.m.102 views

CVE-2022-34200

The CVE-2022-34200 issue affects Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier. It is a CSRF vulnerability in a form-validation method that allows an attacker with Overall/Read permission to connect to an attacker-specified URL, and the vulnerability can be triggered without POST cons...

8.8CVSS8.6AI score0.00503EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder