33 matches found
CVE-2022-34799
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-34797
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34796
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-34798
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...
GHSA-V672-5X3H-57QP Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs...
CVE-2023-50775
CVE-2023-50775 describes a cross-site request forgery (CSRF) in Jenkins Deployment Dashboard Plugin, affecting version 1.0.10 and earlier. The connected Red Hat advisory and other sources confirm the vulnerability allows attackers to copy jobs on the Jenkins controller when the plugin is in use. ...
CVE-2023-50775
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs...
Jenkins Deployment Dashboard Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file de.codecentric.jenkins.dashboard.DashboardView.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file...
GHSA-X4G7-5XRM-5WMQ Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34797
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34797
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34798
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34798
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34796
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-34795
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission...
Information disclosure
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34799
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...