Lucene search
+L

77 matches found

ptsecurity
ptsecurity
added 2022/07/27 12:0 a.m.4 views

PT-2022-4016 · Jenkins · Jenkins Coverity Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Coverity Plugin versions 1.11.4 and earlier Description: A missing permission check in the Jenkins Coverity Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This issue...

4.3CVSS4.4AI score0.00581EPSS
Exploits0References8
github
github
added 2022/07/01 12:1 a.m.26 views

Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check

Jenkins RQM Plugin 2.8 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerabili...

6.5CVSS6AI score0.00686EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2022/06/30 6:15 p.m.5 views

CVE-2022-34796

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.9AI score0.00684EPSS
Exploits0References3
attackerkb
attackerkb
added 2022/06/30 6:15 p.m.4 views

CVE-2022-34779

A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.9AI score0.00524EPSS
Exploits0References3
cve
cve
added 2022/06/30 5:47 p.m.280 views

CVE-2022-34796

CVE-2022-34796 affects Jenkins Deployment Dashboard Plugin 1.0.10 and earlier. The root cause is a missing permission check on several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate credential IDs stored in Jenkins, resulting in information disclosure. Practical impa...

4.3CVSS4.8AI score0.00684EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/06/30 5:46 p.m.25 views

CVE-2022-34779

A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

5.2AI score0.00524EPSS
Exploits0References1
github
github
added 2022/05/24 5:25 p.m.24 views

Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs

Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read access to Jenkins to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials...

6.5CVSS6AI score0.00836EPSS
Exploits0References4Affected Software1
github
github
added 2022/05/24 4:58 p.m.29 views

Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization

A missing permission check in Jenkins CRX Content Package Deployer Plugin prior to version 1.9 in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. This issue is patched in version 1.9...

4.3CVSS4.2AI score0.00664EPSS
Exploits0References4Affected Software1
github
github
added 2022/05/18 12:0 a.m.26 views

Missing permission check in Jenkins GitLab Plugin

Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. An enumeration of credentials IDs in GitLab Plugin 1.5.32 requires the appropriate...

6.5CVSS6.4AI score0.00818EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2022/05/17 3:15 p.m.4 views

CVE-2022-30957

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00699EPSS
Exploits0References3
cve
cve
added 2022/05/17 2:6 p.m.127 views

CVE-2022-30957

CVE-2022-30957 affects Jenkins SSH Plugin (2.6.1 and earlier). A missing permission check allows attackers with Overall/Read to enumerate credentials IDs stored in Jenkins. This is documented in Jenkins security advisory 2022-05-17 and echoed by Red Hat, CNVD, OSV, GHSA, and CVE records. No expli...

4.3CVSS4.7AI score0.00699EPSS
Exploits0References2Affected Software1
prion
prion
added 2022/03/29 1:15 p.m.18 views

Information disclosure

A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4CVSS6.3AI score0.00722EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/03/15 5:15 p.m.8 views

CVE-2022-27209

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

6.5CVSS5.9AI score0.00908EPSS
Exploits0References3
osv
osv
added 2022/02/15 5:15 p.m.4 views

CVE-2022-25190

A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.0068EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2022/02/15 12:0 a.m.4 views

PT-2022-17130 · Jenkins · Jenkins Conjur Secrets Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Conjur Secrets Plugin versions 1.0.11 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can be done...

4.3CVSS4.2AI score0.0068EPSS
Exploits0References6
cvelist
cvelist
added 2022/01/12 7:5 p.m.28 views

CVE-2022-20620

Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...

6.5AI score0.00748EPSS
Exploits0References2
redhat
redhat
added 2021/07/02 12:20 a.m.7 views

jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

6.5CVSS6.7AI score0.01082EPSS
Exploits0References5
redhat
redhat
added 2021/06/22 7:58 a.m.3 views

jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

6.5CVSS6.7AI score0.01082EPSS
Exploits0References5
prion
prion
added 2021/06/10 3:15 p.m.20 views

Information disclosure

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

4CVSS4.4AI score0.00949EPSS
Exploits0References2Affected Software1
prion
prion
added 2021/06/10 3:15 p.m.22 views

Design/Logic Flaw

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4CVSS4.8AI score0.0164EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder