Lucene search
K

114 matches found

OSV
OSV
added 2023/07/19 6:30 p.m.18 views

GHSA-27PR-R7HM-C2RC Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs

Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.2CVSS5.2AI score0.00625EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/07/12 3:53 p.m.31 views

CVE-2023-37965

A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.4AI score0.00627EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/12 3:52 p.m.16 views

CVE-2023-37949

A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.4AI score0.00525EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.5 views

PT-2023-26196 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.33 and earlier Description: A missing permission check in the Jenkins Orka by MacStadium Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using...

7.1CVSS6.7AI score0.00525EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/06/14 3:30 p.m.26 views

Jenkins Digital.ai App Management Publisher Plugin missing permission checks

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.5AI score0.00658EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/06/14 3:30 p.m.16 views

GHSA-5GHV-WXH9-7356 Jenkins Digital.ai App Management Publisher Plugin missing permission checks

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.2CVSS5.5AI score0.00658EPSS
Exploits0References3
OSV
OSV
added 2023/06/14 3:30 p.m.30 views

GHSA-R72X-2H45-P59X Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.2CVSS5.5AI score0.00452EPSS
Exploits0References4
OSV
OSV
added 2023/05/16 4:15 p.m.20 views

CVE-2023-32989

A cross-site request forgery CSRF vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...

8.8CVSS7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.11 views

PT-2023-24123 · Jenkins · Jenkins Azure Vm Agents Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 852.v8d35f0960a 43 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using...

6.5CVSS6.3AI score0.00578EPSS
Exploits0References4
NVD
NVD
added 2023/04/02 9:15 p.m.28 views

CVE-2023-28673

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.8AI score0.00409EPSS
Exploits0References1
Prion
Prion
added 2023/04/02 9:15 p.m.16 views

Design/Logic Flaw

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4CVSS6.2AI score0.00509EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2023/03/23 11:26 a.m.24 views

CVE-2023-28673

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.4AI score0.00409EPSS
Exploits0References1
OSV
OSV
added 2023/02/15 9:30 p.m.20 views

GHSA-PX6V-6JHF-J46R CSRF vulnerability in Synopsys Jenkins Coverity Plugin

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS4.1AI score0.00357EPSS
Exploits0References3
NVD
NVD
added 2023/02/15 7:15 p.m.26 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.5AI score0.0052EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.21 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.8AI score0.0052EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/02/15 12:0 a.m.29 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS6AI score0.00357EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/02/15 12:0 a.m.28 views

CVE-2023-25766

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.4AI score0.00511EPSS
Exploits0References2
OSV
OSV
added 2023/01/26 9:30 p.m.34 views

GHSA-HCVF-PFRM-JXGF Cisco Spark Notifier Jenkins Plugin contains Missing Authorization

A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.7AI score0.00584EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.53 views

Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs

Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credential...

4.3CVSS4.4AI score0.00661EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.33 views

CVE-2023-24438

A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

6.5AI score0.00769EPSS
Exploits0References1
Rows per page
Query Builder