2314 matches found
Octopus Deploy SQL注入漏洞
Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. An SQL injection vulnerability exists in Octopus Server that stems from the data provided by a user in an Events REST API request not being properly parameterized...
Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2021-49068)
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins XebiaLabs XL Deploy Plugin suffers from a cross-site request forgery vulnerability that stems from a...
CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2021-21663
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...
CVE-2021-21664
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
CVE-2021-21663
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
Default credentials
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...
Information disclosure
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2021-21665
CVE-2021-21665 is a CSRF vulnerability in the Jenkins XebiaLabs XL Deploy Plugin (versions 10.0.1 and earlier). The issue allows an attacker to have the Jenkins server connect to an attacker-controlled URL using attacker-selected credential IDs, which can result in leakage of stored credentials (...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2021-21663
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...
CVE-2021-21664
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
CVE-2021-21663
CVE-2021-21663 affects the Jenkins XebiaLabs XL Deploy Plugin
CVE-2021-21664
CVE-2021-21664 affects the Jenkins XebiaLabs XL Deploy Plugin up to version 10.0.1, where an incorrect permission check allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs, enabling access to username/password credential...
CVE-2021-21663
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...