73 matches found
CVE-2022-27211
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
CVE-2022-27211
CVE-2022-27211 : Jenkins Kubernetes Continuous Deploy Plugin ≤ 2.3.1 suffers a missing permission check that lets users with Overall/Read access connect to an attacker‑specified SSH server using attacker‑specified credentials IDs, enabling capture of credentials stored in Jenkins. Red Hat and OSV...
CVE-2022-27211
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-27210
CVE-2022-27210 : A CSRF vulnerability in the Jenkins Kubernetes Continuous Deploy Plugin (versions up to and including 2.3.1) allows an attacker to cause Jenkins to connect to an attacker-specified SSH server using credentials IDs obtained through another method, thereby capturing credentials sto...
CVE-2022-27209
CVE-2022-27209 : Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier is affected by a missing permission check on HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins, exposing credential identifiers. Root cause: inadequate ac...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
CVE-2022-27208
CVE-2022-27208 affects the Jenkins Kubernetes Continuous Deploy Plugin (versions ≤ 2.3.1). It allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller, exposing sensitive data. The vulnerability is corroborated across NVD/OSV/Red Hat entries with CVSSv3.1 ...
Jenkins Kubernetes Continuous Deploy Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited by an attacker with Overall/Read privilege...
PT-2022-18299 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified...
Jenkins Kubernetes Continuous Deploy Plugin 权限许可和访问控制问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...
Jenkins Kubernetes Continuous Deploy Plugin 路径遍历漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...
PT-2022-18298 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs, potentially...
PT-2022-18295 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: The issue allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. This is a significant security concern as it...
Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2021-49068)
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins XebiaLabs XL Deploy Plugin suffers from a cross-site request forgery vulnerability that stems from a...
CVE-2021-21663
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2021-21664
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...