CVE-2019-10341
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
CVE-2019-10342
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10340
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
Design/Logic Flaw
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
Information disclosure
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10341
Summary: CVE-2019-10341 affects Jenkins Docker Plugin 1.1.6 and earlier. A missing permission check in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing crede...
CVE-2019-10340
Jenkins Docker Plugin ≤ 1.1.6 is affected by a cross-site request forgery via DockerAPI.DescriptorImpl#doTestConnection. The vulnerability allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials stor...
CVE-2019-10342
CVE-2019-10342 describes a missing permission check in the Jenkins Docker Plugin (versions 1.1.6 and earlier) that allows users with Overall/Read access to enumerate credentials IDs stored in Jenkins via various fillCredentialsIdItems methods. The issue originates from inadequate authorization in...
Echidna - Ethereum Fuzz Testing Framework
Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley). More seriously, Echidna is a Haskell library designed for fuzzing/property-based testing of EVM code. It supports relatively sophisticated grammar-based fuzzing campaigns to falsify a variety...
PT-2019-11741 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier
Description: A missing permission check in the Jenkins Docker Plugin allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. This issue is related t...
PT-2019-11739 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier
Description: A cross-site request forgery issue allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...
PT-2019-11740 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier
Description: A missing permission check in the DockerAPI.DescriptorImpl#doTestConnection function allowed users with Overall/Read access to connect to an attacker-specified URL using...
Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack
Microsoft today released its monthly batch of software security updates for July to patch a total of 77 vulnerabilities: 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity. The July 2019 security updates include patches for various supported versions of Windows...