364 matches found
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server...
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server...
Unspecified Vulnerability in CloudBees Jenkins CRX Content Package Deployer Plugin (CNVD-2019-42835)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. CRX Content Package Deployer Plugin is used in...
Unspecified Vulnerability in CloudBees Jenkins CRX Content Package Deployer Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. CRX Content Package Deployer Plugin is used in...
CloudBees Jenkins CRX Content Package Deployer Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. CRX Content Package Deployer Plugin is used in...
CVE-2019-10437
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10439
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-10437
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10439
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10439
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-10438
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10438
Jenkins CRX Content Package Deployer Plugin suffered a missing permission check in versions 1.8.1 and earlier, allowing attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs retrieved through another method, thereby capturing credentials stor...
CVE-2019-10439
The CVE-2019-10439 issue affects Jenkins CRX Content Package Deployer Plugin, with vulnerable versions ≤ 1.8.1. A missing permission check in various doFillCredentialsIdItems methods allows users with Overall/Read access to enumerate credentials IDs stored in Jenkins. Exploitation context is not ...
CVE-2019-10437
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10437
The CVE-2019-10437 vulnerability affects Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier. It is a cross-site request forgery (CSRF) issue in which an attacker can cause a Jenkins instance to connect to an attacker-specified URL using credentials IDs obtained through another...
Authorization Bypass
wildfly-core is vulnerable to authorization bypass. The vulnerability exists because incorrect privileges were given to the 'Monitor', 'Auditor' and 'Deployer' users by default...
PT-2019-11832 · Jenkins · Jenkins Crx Content Package Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier; Jenkins CRX Content Package Deployer Plugin versions prior to 1.9. Description: A missing permission check in the Jenkins CRX Content Package Deployer Plugin allowed...
PT-2019-11833 · Jenkins · Jenkins Crx Content Package Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier; Jenkins CRX Content Package Deployer Plugin versions prior to 1.9. Description: A missing permission check in the Jenkins CRX Content Package Deployer Plugin in various...