Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2022/01/24 6:5 p.m.81 views

CVE-2022-20616

A missing permissions validation vulnerability was found in the Jenkins Credentials Binding plugin. The form validation method does not perform a permission check which allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a z...

4.3CVSS4.2AI score0.00852EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2022/01/13 12:1 a.m.5 views

com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +39 more potentially affected by CVE-2022-20616 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.24)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2022-20616 Source advisory: OSV:GHSA-GQM2-2GCX-P88W...

4.3CVSS5.8AI score0.00852EPSS
Exploits0
attackerkb
attackerkb
added 2022/01/12 8:15 p.m.10 views

CVE-2022-20616

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file...

4.3CVSS5.8AI score0.00852EPSS
Exploits0References3
cve
cve
added 2022/01/12 7:5 p.m.126 views

CVE-2022-20616

CVE-2022-20616 refers to the Jenkins Credentials Binding Plugin (version ≤ 1.27) where a missing permission check in the form-validation method allows users with Overall/Read access to determine whether a given credential ID points to a secret file credential and whether it is a ZIP file. The des...

4.3CVSS4.3AI score0.00852EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder