Lucene search
+L

70 matches found

nvd
nvd
added 2026/06/24 2:17 p.m.10 views

CVE-2026-57295

A cross-site request forgery CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS0.00128EPSS
Exploits0References1
euvd
euvd
added 2026/06/24 1:20 p.m.9 views

EUVD-2026-38787

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS5.8AI score0.0011EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/24 1:20 p.m.7 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.9AI score0.0017EPSS
Exploits0References2
osv
osv
added 2026/04/23 7:52 p.m.3 views

CVE-2026-41278 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...

8.7CVSS5.9AI score0.00421EPSS
Exploits1References3
osv
osv
added 2026/04/17 9:34 p.m.6 views

GHSA-W47F-J8RH-WX87 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Summary The GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References3
github
github
added 2026/04/17 9:34 p.m.9 views

Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Summary The GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References3Affected Software1
redhatcve
redhatcve
added 2026/01/09 12:15 p.m.12 views

CVE-2018-1000109

An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs...

4.3CVSS6.6AI score0.00676EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/03 8:42 a.m.29 views

CVE-2025-13472 Missing authorization in BlazeMeter Jenkins Plugin

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

5.3CVSS0.00218EPSS
Exploits0References1
nvd
nvd
added 2025/10/29 2:15 p.m.5 views

CVE-2025-64149

A cross-site request forgery CSRF vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.4CVSS0.00188EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/29 1:29 p.m.10 views

CVE-2025-64149

A cross-site request forgery CSRF vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

0.00188EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-2815

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00786EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-5241

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00676EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2761

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0097EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 3:51 a.m.7 views

CVE-2023-32988

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.3AI score0.00503EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:21 a.m.9 views

CVE-2023-24436

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.4AI score0.00661EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 3:59 p.m.21 views

CVE-2020-2310

Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.5AI score0.00792EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 3:56 p.m.8 views

CVE-2020-2285

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.4AI score0.00691EPSS
Exploits0
alpinelinux
alpinelinux
added 2023/09/06 12:8 p.m.50 views

CVE-2023-41941

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins...

4.3CVSS6.7AI score0.00371EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/08/16 12:0 a.m.5 views

Jenkins Plugin Delphix 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00524EPSS
Exploits0References6
osv
osv
added 2023/07/12 4:15 p.m.4 views

CVE-2023-37952

A cross-site request forgery CSRF vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS5.7AI score0.00437EPSS
Exploits0References2
Rows per page
Query Builder