Lucene search
+L

137 matches found

Prion
Prion
added 2023/04/02 9:15 p.m.19 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.5AI score0.00361EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/23 11:26 a.m.31 views

CVE-2023-28671

A cross-site request forgery CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.3AI score0.00361EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:30 p.m.18 views

GHSA-GMHF-37FX-C4Q8 Missing permission checks in Jenkins Orka Plugin allow capturing credentials

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.5AI score0.00769EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.39 views

Missing permissions check in Jenkins JIRA Pipeline Steps Plugin

A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

6.5CVSS6.9AI score0.00769EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.30 views

CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS8.6AI score0.00515EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/01/26 9:18 p.m.28 views

CVE-2023-24438

A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

6.5CVSS6.3AI score0.00769EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.9 views

CVE-2023-24433

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.6AI score0.00769EPSS
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.15 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8CVSS8.7AI score0.00515EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.4 views

PT-2023-19592 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.31 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs, potentially capturing...

8.8CVSS8.6AI score0.00515EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/12/07 12:0 a.m.35 views

CVE-2022-46688

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

7AI score0.00429EPSS
Exploits0References1
NVD
NVD
added 2022/10/19 4:15 p.m.32 views

CVE-2022-43418

A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS0.00397EPSS
Exploits0References2
Prion
Prion
added 2022/10/19 4:15 p.m.24 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.6AI score0.00397EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/09/22 12:0 a.m.17 views

GHSA-GHQ7-85HP-FH76 CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials

Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...

4.2CVSS8.7AI score0.00436EPSS
Exploits0References3
NVD
NVD
added 2022/09/21 4:15 p.m.26 views

CVE-2022-41254

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS0.00676EPSS
Exploits0References2
OSV
OSV
added 2022/09/21 4:15 p.m.5 views

CVE-2022-41245

A cross-site request forgery CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS5.8AI score0.00436EPSS
Exploits0References1
OSV
OSV
added 2022/09/21 4:15 p.m.20 views

CVE-2022-41254

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.4AI score
Exploits0References2
OSV
OSV
added 2022/09/21 4:15 p.m.8 views

CVE-2022-41250

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS5.8AI score0.00551EPSS
Exploits0References2
Prion
Prion
added 2022/09/21 4:15 p.m.19 views

Design/Logic Flaw

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS6.3AI score0.00551EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.2 views

PT-2022-25769 · Jenkins · Jenkins Cons3Rt Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

8.8CVSS8.5AI score0.00485EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.6 views

PT-2022-25760 · Jenkins · Jenkins Worksoft Execution Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Worksoft Execution Manager Plugin versions 10.0.3.503 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, capturin...

8.8CVSS8.6AI score0.00436EPSS
Exploits0References6
Rows per page
Query Builder