364 matches found
CVE-2019-16559
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...
CVE-2019-16561
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM...
CVE-2019-16560
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...
CVE-2019-16560
Summary (CVE-2019-16560): A cross-site request forgery vulnerability affects Jenkins WebSphere Deployer Plugin versions 1.6.1 and earlier. The flaw allows an attacker to trigger actions and check whether files with an attacker-specified path exist on the Jenkins master file system via forged req...
CVE-2019-16561
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier: users with Overall/Read access can disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. Root cause is lack of effective trust management; impact is bypass of certificate checks for all communications. Mitigatio...
CVE-2019-16559
CVE-2019-16559 affects Jenkins WebSphere Deployer Plugin 1.6.1 and earlier. The root cause is a missing permission check in core plugin operations, enabling users with Overall/Read to run connection tests and determine if attacker-specified file paths exist on the Jenkins master file system. Rela...
PT-2019-14716 · Jenkins · Jenkins Websphere Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WebSphere Deployer Plugin version 1.6.1 and earlier
Description: The issue allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM.
Recommendations: For Jenkins...
PT-2019-14715 · Jenkins · Jenkins Websphere Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WebSphere Deployer Plugin version 1.6.1 and earlier
Description: A cross-site request forgery issue allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master...
PT-2019-14714 · Jenkins · Jenkins Websphere Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WebSphere Deployer Plugin versions 1.6.1 and earlier
Description: A missing permission check in the plugin allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specifie...
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server...