122 matches found
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide...
CVE-2022-41235
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system...
CVE-2022-41235
CVE-2022-41235 applies to the Jenkins WildFly Deployer Plugin, affected through version 1.0.2 and earlier. The vulnerability allows an agent process to read arbitrary files on the Jenkins controller filesystem due to its path traversal/read-access behavior. The available documents do not specify ...
CVE-2022-41235
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system...
PT-2022-25751 · Jenkins · Jenkins Wildfly Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WildFly Deployer Plugin versions 1.0.2 and earlier Description: The issue allows agent processes to read arbitrary files on the Jenkins controller file system. This is only exploitable in certain versions of Jenkins, specifically 2.31...
The vulnerability of the Controller File System Handler component of the Jenkins OpenShift Deployer Plugin allows a perpetrator to perform arbitrary actions on a vulnerable device.
The vulnerability of the Controller File System Handler component in the Jenkins OpenShift Deployer Plugin is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device b...
org.jenkins-ci.plugins:cloudbees-deployer-plugin (=6.0) potentially affected by CVE-2022-36891 via org.jenkins-ci.plugins:deployer-framework (=1.0)
org.jenkins-ci.plugins:deployer-framework MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:deployer-framework and may be impacted: - org.jenkins-ci.plugins:cloudbees-deployer-plugin =6.0 Source cves:...
org.jenkins-ci.plugins:cloudbees-deployer-plugin (=6.0) potentially affected by CVE-2022-36890 via org.jenkins-ci.plugins:deployer-framework (=1.0)
org.jenkins-ci.plugins:deployer-framework MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:deployer-framework and may be impacted: - org.jenkins-ci.plugins:cloudbees-deployer-plugin =6.0 Source cves:...
GHSA-78FG-PVGG-6G3R Missing permission check in Jenkins OpenShift Deployer Plugin
OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key fi...
GHSA-JVJH-9R4Q-8Q5Q Missing permission check in Jenkins OpenShift Deployer Plugin
OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation. These form validation methods do not require POST requests, resulting in a cross-site request forgery CSRF vulnerability...
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation. This form validation method does not require POST requests, resulting in a cross-site request forgery CSRF vulnerability...
Missing permission check in Jenkins OpenShift Deployer Plugin
OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2022-36908
A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an...
CVE-2022-36909
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system ...
CVE-2022-36907
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2022-36908
A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an...
CVE-2022-36907
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2022-36906
A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2022-36906
A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...