Lucene search
K

121 matches found

NVD
NVD
added 2022/06/30 6:15 p.m.17 views

CVE-2022-34795

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission...

5.4CVSS0.00602EPSS
Exploits0References1
Prion
Prion
added 2022/06/30 6:15 p.m.18 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...

4.3CVSS4.6AI score0.00558EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/06/30 6:15 p.m.18 views

Information disclosure

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4CVSS4.4AI score0.00684EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/30 5:47 p.m.27 views

CVE-2022-34799

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

5.3AI score0.00557EPSS
Exploits0References1
CVE
CVE
added 2022/06/30 5:47 p.m.278 views

CVE-2022-34799

CVE-2022-34799 affects Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier. The vulnerability arises from storing a password unencrypted in the plugin’s global configuration file on the Jenkins controller (specifically de.codecentric.jenkins.dashboard.DashboardView.xml), which can be ...

4.3CVSS4.9AI score0.00557EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/30 5:47 p.m.280 views

CVE-2022-34798

CVE-2022-34798 affects Jenkins Deployment Dashboard Plugin (versions 1.0.10 and earlier). The issue is a missing permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. This can ...

4.3CVSS5AI score0.00537EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/30 5:47 p.m.27 views

CVE-2022-34798

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...

5.2AI score0.00537EPSS
Exploits0References1
CVE
CVE
added 2022/06/30 5:47 p.m.282 views

CVE-2022-34797

Summary (CVE-2022-34797) : Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier are vulnerable to a cross-site request forgery (CSRF) that lets an attacker connect to an attacker-specified HTTP URL using attacker-specified credentials. The issue is documented across multiple sources (N...

4.3CVSS4.9AI score0.00558EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/30 5:47 p.m.23 views

CVE-2022-34797

A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...

5.3AI score0.00558EPSS
Exploits0References1
CVE
CVE
added 2022/06/30 5:47 p.m.280 views

CVE-2022-34796

CVE-2022-34796 affects Jenkins Deployment Dashboard Plugin 1.0.10 and earlier. The root cause is a missing permission check on several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate credential IDs stored in Jenkins, resulting in information disclosure. Practical impa...

4.3CVSS4.8AI score0.00684EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/30 5:47 p.m.37 views

CVE-2022-34796

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

5.2AI score0.00684EPSS
Exploits0References1
CVE
CVE
added 2022/06/30 5:47 p.m.274 views

CVE-2022-34795

CVE-2022-34795 affects Jenkins Deployment Dashboard Plugin (versions 1.0.10 and earlier). The vulnerability is a stored XSS due to environment names not being escaped in the Deployment Dashboard view, exploitable by attackers with View/Configure permission. Connected sources confirm the same desc...

5.4CVSS5.4AI score0.00602EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.6 views

PT-2022-22351 · Jenkins · Jenkins Deployment Dashboard Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue concerns the storage of a password in an unencrypted form in the global configuration file on the Jenkins controller. This file, specifically...

4.3CVSS4.4AI score0.00557EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.4 views

PT-2022-22349 · Jenkins · Jenkins Deployment Dashboard Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. Recommendations: For...

5.4CVSS4.4AI score0.00558EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.6 views

Jenkins Plugin Deployment Dashboard 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Deployment Dashboard Plugin versio...

4.3CVSS5.4AI score0.00558EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.4 views

Jenkins Plugin Deployment Dashboard 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...

5.4CVSS5.6AI score0.00602EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.4 views

PT-2022-22347 · Jenkins · Jenkins Deployment Dashboard Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because environment names on the Deployment Dashboard view are not properly escape...

8CVSS5.1AI score0.00602EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.7 views

PT-2022-22350 · Jenkins · Jenkins Deployment Dashboard Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue concerns a lack of permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP UR...

5.4CVSS4.2AI score0.00537EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/06/24 6:45 a.m.23 views

CVE-2017-20092 Google Analytics Dashboard Plugin cross site scriting

A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely...

3.5CVSS6AI score0.00614EPSS
Exploits1References2
Patchstack
Patchstack
added 2022/05/09 12:0 a.m.23 views

WordPress hpb Dashboard plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress hpb Dashboard plugin versions = 1.3.1. Solution Deactivate and delete. This plugin has been closed as of April 29, 2022 and is not available for download. This closu...

4.8CVSS1AI score0.00565EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder