17 matches found
CVE-2021-21632
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
GHSA-XFRW-PCMC-R2P3 Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
GHSA-V7XH-H48C-XW5F CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin allows capturing credentials
Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CloudBees Jenkins OWASP Dependency-Track Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, a United States company. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. A cross-site request forgery...
CloudBees Jenkins OWASP Dependency-Track Plugin Improper Authorization Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, a United States company. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. An improper authorization...
CVE-2021-21633
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
Information disclosure
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21633
Summary (CVE-2021-21633): A CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows an attacker to connect to an attacker-specified URL and capture credentials stored in Jenkins. The issue can be exploited by users with Overall/Read permission and does not require PO...
CVE-2021-21633
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21632
The CVE-2021-21632 issue affects Jenkins OWASP Dependency-Track Plugin (3.1.0 and earlier). The root cause is missing permission checks in several HTTP endpoints, allowing attackers with Overall/Read to connect to an attacker-specified URL and capture credentials stored in Jenkins (including Secr...
Jenkins OWASP Dependency-Track Cross-Site Request Forgery Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, a United States company. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. A cross-site request forgery...
PT-2021-14676 · Jenkins · Jenkins Owasp Dependency-Track Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OWASP Dependency-Track Plugin versions 3.1.0 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. The issue arises...
PT-2021-14675 · Jenkins · Jenkins Owasp Dependency-Track Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OWASP Dependency-Track Plugin versions 3.1.0 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in...