Lucene search
K

375 matches found

NVD
NVD
added 2022/07/27 3:15 p.m.31 views

CVE-2022-36891

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...

4.3CVSS0.00486EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/27 3:15 p.m.3 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS5.9AI score0.01453EPSS
Exploits0References3
NVD
NVD
added 2022/07/27 3:15 p.m.12 views

CVE-2022-36890

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS0.00995EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/27 3:15 p.m.4 views

CVE-2022-36890

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS5.8AI score0.00995EPSS
Exploits0References3
OSV
OSV
added 2022/07/27 3:15 p.m.5 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS5.9AI score0.01453EPSS
Exploits0References2
OSV
OSV
added 2022/07/27 3:15 p.m.5 views

CVE-2022-36890

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS5.8AI score0.00995EPSS
Exploits0References2
OSV
OSV
added 2022/07/27 3:15 p.m.3 views

CVE-2022-36891

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...

4.3CVSS5.8AI score0.00486EPSS
Exploits0References2
NVD
NVD
added 2022/07/27 3:15 p.m.33 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS0.01453EPSS
Exploits0References2
Prion
Prion
added 2022/07/27 3:15 p.m.16 views

Design/Logic Flaw

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

6.5CVSS8.7AI score0.01453EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/07/27 3:15 p.m.26 views

Default credentials

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

4CVSS6.3AI score0.00668EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/07/27 3:15 p.m.24 views

Design/Logic Flaw

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4CVSS4.4AI score0.00995EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/07/27 3:15 p.m.19 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS6.4AI score0.00479EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/07/27 3:15 p.m.16 views

Design/Logic Flaw

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system ...

4CVSS6.3AI score0.00699EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/07/27 3:15 p.m.15 views

Information disclosure

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...

4CVSS4.3AI score0.00486EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/07/27 3:15 p.m.23 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an...

4.3CVSS6.5AI score0.00479EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/27 2:26 p.m.94 views

CVE-2022-36909

CVE-2022-36909 : A missing permission check in the Jenkins OpenShift Deployer Plugin (versions 1.2.0 and earlier) allows a user with Overall/Read to determine the existence of an attacker-specified file path on the Jenkins controller filesystem and to upload an SSH key file from the controller fi...

6.5CVSS6.3AI score0.00699EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/27 2:26 p.m.30 views

CVE-2022-36909

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system ...

6.9AI score0.00699EPSS
Exploits0References2
CVE
CVE
added 2022/07/27 2:26 p.m.90 views

CVE-2022-36908

The CVE-2022-36908 entry relates to a CSRF vulnerability in Jenkins OpenShift Deployer Plugin (versions 1.2.0 and earlier). The issue, described in multiple sources, allows an attacker to check for the existence of an attacker-specified file path on the Jenkins controller filesystem and to upload...

6.5CVSS6.4AI score0.00479EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/27 2:26 p.m.35 views

CVE-2022-36908

A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an...

7.1AI score0.00479EPSS
Exploits0References2
CVE
CVE
added 2022/07/27 2:26 p.m.94 views

CVE-2022-36907

CVE-2022-36907 : Affected product is Jenkins OpenShift Deployer Plugin versions ≤ 1.2.0. The underlying issue is a missing permission check in a form-validation path, which allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and ...

6.5CVSS6.3AI score0.00668EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder