
122 matches found

GitHub Security Blog
added 2022/09/22 12:0 a.m. · 26 views

Jenkins WildFly Deployer Plugin vulnerable to path traversal

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide...

CVSS 5.3 · AI score 6.4 · EPSS 0.00578
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/09/21 4:15 p.m. · 5 views

CVE-2022-41235

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system...

CVSS 5.3 · AI score 5.9 · EPSS 0.00578
Exploits 0 · References 1

CVE
added 2022/09/21 3:45 p.m. · 99 views

CVE-2022-41235

CVE-2022-41235 applies to the Jenkins WildFly Deployer Plugin, version 1.0.2 and earlier. The vulnerability allows an agent process to read arbitrary files on the Jenkins controller filesystem due to its path traversal/read-access behavior. The available documents do not specify ...

CVSS 5.3 · AI score 5.2 · EPSS 0.00578
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/09/21 3:45 p.m. · 2 views

CVE-2022-41235

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system...

AI score 6.7 · EPSS 0.00578
Exploits 0 · References 1

Positive Technologies
added 2022/09/21 12:0 a.m. · 4 views

PT-2022-25751 · Jenkins · Jenkins Wildfly Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins WildFly Deployer Plugin versions 1.0.2 and earlier
Description: The issue allows agent processes to read arbitrary files on the Jenkins controller file system. This is only exploitable in certain versions of Jenkins, specifically 2.31...

CVSS 6.5 · AI score 5.1 · EPSS 0.00578
Exploits 0 · References 6

BDU FSTEC
added 2022/09/12 12:0 a.m. · 5 views

The vulnerability of the Controller File System Handler component of the Jenkins OpenShift Deployer Plugin allows a perpetrator to perform arbitrary actions on a vulnerable device.

The vulnerability of the Controller File System Handler component in the Jenkins OpenShift Deployer Plugin is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device b...

CVSS 5 · AI score 6.8 · EPSS 0.00479
Exploits 0 · References 5 · Affected Software 1

vulnersOsv
added 2022/07/28 12:0 a.m. · 3 views

org.jenkins-ci.plugins:cloudbees-deployer-plugin (=6.0) potentially affected by CVE-2022-36891 via org.jenkins-ci.plugins:deployer-framework (=1.0)

org.jenkins-ci.plugins:deployer-framework MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:deployer-framework and may be impacted: - org.jenkins-ci.plugins:cloudbees-deployer-plugin =6.0 Source cves:...

CVSS 4.3 · AI score 5.8 · EPSS 0.00486
Exploits 0

vulnersOsv
added 2022/07/28 12:0 a.m. · 5 views

org.jenkins-ci.plugins:cloudbees-deployer-plugin (=6.0) potentially affected by CVE-2022-36890 via org.jenkins-ci.plugins:deployer-framework (=1.0)

org.jenkins-ci.plugins:deployer-framework MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:deployer-framework and may be impacted: - org.jenkins-ci.plugins:cloudbees-deployer-plugin =6.0 Source cves:...

CVSS 4.3 · AI score 5.8 · EPSS 0.00995
Exploits 0

OSV
added 2022/07/28 12:0 a.m. · 23 views

GHSA-78FG-PVGG-6G3R Missing permission check in Jenkins OpenShift Deployer Plugin

OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key fi...

CVSS 5.4 · AI score 6.6 · EPSS 0.00699
Exploits 0 · References 4

OSV
added 2022/07/28 12:0 a.m. · 28 views

GHSA-JVJH-9R4Q-8Q5Q Missing permission check in Jenkins OpenShift Deployer Plugin

OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 4.3 · AI score 6.5 · EPSS 0.00668
Exploits 0 · References 4

GitHub Security Blog
added 2022/07/28 12:0 a.m. · 33 views

CSRF vulnerability in Jenkins OpenShift Deployer Plugin

OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation. These form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability...

CVSS 6.5 · AI score 6.6 · EPSS 0.00479
Exploits 0 · References 4 · Affected Software 1

GitHub Security Blog
added 2022/07/28 12:0 a.m. · 20 views

CSRF vulnerability in Jenkins OpenShift Deployer Plugin

OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation. This form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability...

CVSS 6.5 · AI score 6.6 · EPSS 0.00479
Exploits 0 · References 4 · Affected Software 1

GitHub Security Blog
added 2022/07/28 12:0 a.m. · 42 views

Missing permission check in Jenkins OpenShift Deployer Plugin

OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 6.5 · AI score 6.5 · EPSS 0.00668
Exploits 0 · References 4 · Affected Software 1

NVD
added 2022/07/27 3:15 p.m. · 37 views

CVE-2022-36908

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an...

CVSS 6.5 · EPSS 0.00479
Exploits 0 · References 2

ATTACKERKB
added 2022/07/27 3:15 p.m. · 3 views

CVE-2022-36909

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system ...

CVSS 6.5 · AI score 5.8 · EPSS 0.00699
Exploits 0 · References 4

NVD
added 2022/07/27 3:15 p.m. · 49 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 6.5 · EPSS 0.00668
Exploits 0 · References 2

ATTACKERKB
added 2022/07/27 3:15 p.m. · 3 views

CVE-2022-36908

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an...

CVSS 6.5 · AI score 5.7 · EPSS 0.00479
Exploits 0 · References 4

ATTACKERKB
added 2022/07/27 3:15 p.m. · 4 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 6.5 · AI score 5.8 · EPSS 0.00668
Exploits 0 · References 4

NVD
added 2022/07/27 3:15 p.m. · 28 views

CVE-2022-36906

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 6.5 · EPSS 0.00479
Exploits 0 · References 2

ATTACKERKB
added 2022/07/27 3:15 p.m. · 3 views

CVE-2022-36906

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 6.5 · AI score 5.6 · EPSS 0.00479
Exploits 0 · References 4