5 matches found
Jenkins OpenID Plugin CSRF vulnerability
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
Information disclosure
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpldoTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as...
CVE-2019-1003099
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-10289
A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpldoValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server...