121 matches found
CVE-2022-34795
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
Information disclosure
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-34799
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-34799
CVE-2022-34799 affects Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier. The vulnerability arises from storing a password unencrypted in the plugin’s global configuration file on the Jenkins controller (specifically de.codecentric.jenkins.dashboard.DashboardView.xml), which can be ...
CVE-2022-34798
CVE-2022-34798 affects Jenkins Deployment Dashboard Plugin (versions 1.0.10 and earlier). The issue is a missing permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. This can ...
CVE-2022-34798
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34797
Summary (CVE-2022-34797) : Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier are vulnerable to a cross-site request forgery (CSRF) that lets an attacker connect to an attacker-specified HTTP URL using attacker-specified credentials. The issue is documented across multiple sources (N...
CVE-2022-34797
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34796
CVE-2022-34796 affects Jenkins Deployment Dashboard Plugin 1.0.10 and earlier. The root cause is a missing permission check on several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate credential IDs stored in Jenkins, resulting in information disclosure. Practical impa...
CVE-2022-34796
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-34795
CVE-2022-34795 affects Jenkins Deployment Dashboard Plugin (versions 1.0.10 and earlier). The vulnerability is a stored XSS due to environment names not being escaped in the Deployment Dashboard view, exploitable by attackers with View/Configure permission. Connected sources confirm the same desc...
PT-2022-22351 · Jenkins · Jenkins Deployment Dashboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue concerns the storage of a password in an unencrypted form in the global configuration file on the Jenkins controller. This file, specifically...
PT-2022-22349 · Jenkins · Jenkins Deployment Dashboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. Recommendations: For...
Jenkins Plugin Deployment Dashboard 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Deployment Dashboard Plugin versio...
Jenkins Plugin Deployment Dashboard 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
PT-2022-22347 · Jenkins · Jenkins Deployment Dashboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because environment names on the Deployment Dashboard view are not properly escape...
PT-2022-22350 · Jenkins · Jenkins Deployment Dashboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue concerns a lack of permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP UR...
CVE-2017-20092 Google Analytics Dashboard Plugin cross site scriting
A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely...
WordPress hpb Dashboard plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress hpb Dashboard plugin versions = 1.3.1. Solution Deactivate and delete. This plugin has been closed as of April 29, 2022 and is not available for download. This closu...