Lucene search
+L

115 matches found

osv
osv
added 2023/07/19 6:30 p.m.19 views

GHSA-27PR-R7HM-C2RC Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs

Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.2CVSS5.2AI score0.00625EPSS
Exploits0References5
github
github
added 2023/07/19 6:30 p.m.22 views

Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs

Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

6.5CVSS6.4AI score0.00625EPSS
Exploits0References6Affected Software1
vulnrichment
vulnrichment
added 2023/07/12 3:53 p.m.32 views

CVE-2023-37965

A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.4AI score0.00745EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/07/12 3:52 p.m.16 views

CVE-2023-37949

A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.4AI score0.00624EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/07/12 12:0 a.m.6 views

PT-2023-26196 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.33 and earlier Description: A missing permission check in the Jenkins Orka by MacStadium Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using...

7.1CVSS6.7AI score0.00624EPSS
Exploits0References6
github
github
added 2023/06/14 3:30 p.m.26 views

Jenkins Digital.ai App Management Publisher Plugin missing permission checks

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.5AI score0.00658EPSS
Exploits0References4Affected Software1
osv
osv
added 2023/06/14 3:30 p.m.30 views

GHSA-R72X-2H45-P59X Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.2CVSS5.5AI score0.00452EPSS
Exploits0References4
osv
osv
added 2023/06/14 3:30 p.m.16 views

GHSA-5GHV-WXH9-7356 Jenkins Digital.ai App Management Publisher Plugin missing permission checks

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.2CVSS5.5AI score0.00658EPSS
Exploits0References3
osv
osv
added 2023/05/16 4:15 p.m.20 views

CVE-2023-32989

A cross-site request forgery CSRF vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...

8.8CVSS7AI score
Exploits0References1
ptsecurity
ptsecurity
added 2023/05/16 12:0 a.m.13 views

PT-2023-24123 · Jenkins · Jenkins Azure Vm Agents Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 852.v8d35f0960a 43 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using...

6.5CVSS6.3AI score0.00578EPSS
Exploits0References4
nvd
nvd
added 2023/04/02 9:15 p.m.29 views

CVE-2023-28673

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.8AI score0.00409EPSS
Exploits0References1
prion
prion
added 2023/04/02 9:15 p.m.16 views

Design/Logic Flaw

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4CVSS6.2AI score0.00509EPSS
Exploits0References1Affected Software1
alpinelinux
alpinelinux
added 2023/03/23 11:26 a.m.41 views

CVE-2023-28673

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.4AI score0.00409EPSS
Exploits0References1
osv
osv
added 2023/02/15 9:30 p.m.20 views

GHSA-PX6V-6JHF-J46R CSRF vulnerability in Synopsys Jenkins Coverity Plugin

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS4.1AI score0.00357EPSS
Exploits0References3
nvd
nvd
added 2023/02/15 7:15 p.m.26 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.5AI score0.0052EPSS
Exploits0References2
cvelist
cvelist
added 2023/02/15 12:0 a.m.23 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.8AI score0.0052EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2023/02/15 12:0 a.m.28 views

CVE-2023-25766

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.4AI score0.00511EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2023/02/15 12:0 a.m.29 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS6AI score0.00357EPSS
Exploits0References3
osv
osv
added 2023/01/26 9:30 p.m.34 views

GHSA-HCVF-PFRM-JXGF Cisco Spark Notifier Jenkins Plugin contains Missing Authorization

A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.7AI score0.00584EPSS
Exploits0References3
github
github
added 2023/01/26 9:30 p.m.53 views

Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs

Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credential...

4.3CVSS4.4AI score0.00661EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder