Lucene search
K

369 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:18 p.m.6 views

CVE-2022-36909

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system ...

6.5CVSS6.6AI score0.00699EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.7 views

CVE-2022-36906

A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS6.8AI score0.00479EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.21 views

CVE-2022-36890

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS6.6AI score0.00995EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.4 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS6.6AI score0.00668EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:9 p.m.7 views

CVE-2022-36891

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...

4.3CVSS6.5AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 p.m.9 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS6.8AI score0.01453EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:19 p.m.13 views

CVE-2020-2227

Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability...

5.4CVSS6AI score0.00688EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 a.m.32 views

CVE-2019-1003081

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score0.01536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 a.m.7 views

CVE-2019-1003072

Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.7AI score0.01365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 a.m.19 views

CVE-2019-1003080

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:1 a.m.18 views

CVE-2019-1003056

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.7AI score0.01365EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2024/10/07 12:0 a.m.8 views

From Spring Cloud Data Flow 2.11.x to 3.0

Dear Spring Community, With the recent announcement of Spring Framework 7.0 and Spring Boot 4.0, the Spring Cloud Data Flow team is pleased to announce the next major release, SCDF 3.0, to align with both Spring Framework 7.0 and Spring Boot 4.0. This will bring the following SCDF ecosystem of...

7.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2024/08/23 9:30 a.m.6 views

com.wizzdi:FlexiCore (=7.0.0), org.springframework.boot:spring-boot-jarmode-layertools (>=3.0.0 <=3.0.13) +2 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=3.0.0 <=3.0.13)

org.springframework.boot:spring-boot-loader MAVEN version =3.0.0, =3.0.0, =4.0.0, =4.0.0, =4.0.6 Source cves: CVE-2024-38807 Source advisory: OSV:GHSA-7CJ3-X93G-GJ76...

6.3CVSS7.2AI score0.00123EPSS
Exploits0
OSV
OSV
added 2023/12/13 3:30 p.m.16 views

GHSA-28WG-8GV4-MPJF Broken access control in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

4.9CVSS5AI score0.00632EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/12/13 3:30 p.m.24 views

Broken access control in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

4.9CVSS7AI score0.00632EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/12/13 2:15 p.m.3 views

CVE-2023-47321

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

4.9CVSS5.8AI score0.00632EPSS
Exploits1References3
NVD
NVD
added 2023/12/13 2:15 p.m.27 views

CVE-2023-47321

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

4.9CVSS0.00632EPSS
Exploits1References2
OSV
OSV
added 2023/12/13 2:15 p.m.23 views

CVE-2023-47321

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

4.9CVSS5.2AI score0.00632EPSS
Exploits1References2
Prion
Prion
added 2023/12/13 2:15 p.m.23 views

Improper access control

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

3.3CVSS7.1AI score0.00632EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.4 views

Silverpeas Security Vulnerabilities

Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas Core version 6.3.1, which stems from the vulnerability of the Porlet Deployer to incorrect...

4.9CVSS6.8AI score0.00632EPSS
Exploits1References3
Rows per page
Query Builder