
364 matches found

Positive Technologies
added 2019/10/16 12:00 a.m. · 4 views

PT-2019-11831 · Jenkins · Jenkins Crx Content Package Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier
Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

8.8 CVSS · 8.5 AI score · 0.00836 EPSS
Exploits 0 · References 7
RedHat Linux
added 2019/10/15 8:24 p.m. · 1 view

wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default

It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server...

5.2 CVSS · 5.7 AI score · 0.01141 EPSS
Exploits 0 · References 5
RedHat Linux
added 2019/10/15 5:08 p.m. · 4 views

wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default

It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server...

5.2 CVSS · 5.7 AI score · 0.01141 EPSS
Exploits 0 · References 5
CNVD
added 2019/10/14 12:00 a.m. · 2 views

CloudBees Jenkins WildFly Deployer Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. WildFly Deployer Plugin is used in which an...

8.8 CVSS · 6.9 AI score · 0.01365 EPSS
Exploits 0 · References 1
CNVD
added 2019/08/23 12:00 a.m. · 4 views

CloudBees Jenkins OpenShift Deployer Plugin Authorization Issues Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. OpenShift Deployer Plugin is used in one of the...

6.5 CVSS · 6.8 AI score · 0.01536 EPSS
Exploits 0 · References 1
CNVD
added 2019/08/23 12:00 a.m. · 2 views

CloudBees Jenkins WebSphere Deployer Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. WebSphere Deployer Plugin is used in which a...

8.8 CVSS · 6.9 AI score · 0.01365 EPSS
Exploits 0 · References 1
Kitploit
added 2019/07/16 1:54 p.m. · 153 views

JShielder v2.4 - Hardening Script For Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G

JShielder is an open source Bash script developed to help sysadmins and developers secure their Linux servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux...

7.4 AI score
Exploits 0 · References 2
CNVD
added 2019/04/11 12:00 a.m. · 3 views

CloudBees Jenkins OpenShift Deployer Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. OpenShift Deployer Plugin is used in one of the...

6.5 CVSS · 6.8 AI score · 0.01339 EPSS
Exploits 0 · References 1
OSV
added 2019/04/04 4:29 p.m. · 17 views

CVE-2019-1003081

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5 CVSS · 6.5 AI score
Exploits 0 · References 3
NVD
added 2019/04/04 4:29 p.m. · 17 views

CVE-2019-1003072

Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS · 8.7 AI score · 0.01365 EPSS
Exploits 0 · References 3
NVD
added 2019/04/04 4:29 p.m. · 12 views

CVE-2019-1003080

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5 CVSS · 6.4 AI score · 0.01339 EPSS
Exploits 0 · References 3
NVD
added 2019/04/04 4:29 p.m. · 14 views

CVE-2019-1003081

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5 CVSS · 6.3 AI score · 0.01536 EPSS
Exploits 0 · References 3
OSV
added 2019/04/04 4:29 p.m. · 15 views

CVE-2019-1003080

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5 CVSS · 6.6 AI score
Exploits 0 · References 3
OSV
added 2019/04/04 4:29 p.m. · 2 views

CVE-2019-1003056

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS · 6.5 AI score · 0.01365 EPSS
Exploits 0 · References 3
Prion
added 2019/04/04 4:29 p.m. · 18 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...

4.3 CVSS · 6.4 AI score · 0.01339 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2019/04/04 4:29 p.m. · 15 views

CVE-2019-1003056

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS · 8.7 AI score · 0.01365 EPSS
Exploits 0 · References 3
CVE
added 2019/04/04 3:38 p.m. · 60 views

CVE-2019-1003072

The CVE-2019-1003072 entry concerns the Jenkins WildFly Deployer Plugin which stores credentials unencrypted in job config.xml files on the Jenkins master. This exposure allows viewing by users with Extended Read permission or anyone with access to the master file system. Connected documents corr...

8.8 CVSS · 8.6 AI score · 0.01365 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2019/04/04 3:38 p.m. · 16 views

CVE-2019-1003081

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.3 AI score · 0.01536 EPSS
Exploits 0 · References 3
CVE
added 2019/04/04 3:38 p.m. · 58 views

CVE-2019-1003080

Summary: CVE-2019-1003080 is a cross-site request forgery in the Jenkins OpenShift Deployer Plugin. The issue resides in DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation, permitting an attacker to cause the plugin to connect to an attacker-specified server. Public source...

6.5 CVSS · 6.3 AI score · 0.01339 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2019/04/04 3:38 p.m. · 60 views

CVE-2019-1003081

The CVE describes a missing permission check in the Jenkins OpenShift Deployer Plugin, specifically in DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation. Attackers with Overall/Read permission can trigger a connection to an attacker-specified server, enabling potential un...

6.5 CVSS · 6.3 AI score · 0.01536 EPSS
Exploits 0 · References 3 · Affected Software 1