CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

6.5CVSS6.6AI score0.00218EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:3 p.m.•5 views

CVE-2022-34204

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

4.3CVSS6.5AI score0.00217EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:3 p.m.•4 views

CVE-2022-34203

A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...

8.8CVSS6.7AI score0.00071EPSS

Exploits0References1

Github Security Blog•added 2022/06/24 12:0 a.m.•28 views

User passwords stored in plain text by Jenkins EasyQA Plugin

EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file EasyQAPluginProperties.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins controller file system...

6.5CVSS7.6AI score0.00218EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2022/06/24 12:0 a.m.•21 views

Jenkins EasyQA Plugin Missing Authorization vulnerability

Jenkins EasyQA Plugin 1.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. Additionally, this form validation method does not require POST requests, resulti...

4.3CVSS4.8AI score0.00217EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2022/06/24 12:0 a.m.•27 views

Cross-Site Request Forgery in Jenkins EasyQA Plugin

A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...

8.8CVSS8.7AI score0.00071EPSS

Exploits0References3Affected Software1

OSV•added 2022/06/24 12:0 a.m.•21 views

GHSA-49J4-V37G-5GG2 Jenkins EasyQA Plugin Missing Authorization vulnerability

4.3CVSS4.8AI score0.00217EPSS

Exploits0References3

OSV•added 2022/06/24 12:0 a.m.•22 views

GHSA-G67P-JVVC-QF54 Cross-Site Request Forgery in Jenkins EasyQA Plugin

A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...

4.3CVSS8.6AI score0.00071EPSS

Exploits0References3

OSV•added 2022/06/24 12:0 a.m.•20 views

GHSA-XCP5-J5FJ-3XP6 User passwords stored in plain text by Jenkins EasyQA Plugin

3.3CVSS6.6AI score0.00218EPSS

Exploits0References3

CNVD•added 2022/06/24 12:0 a.m.•130 views

Jenkins EasyQA Plugin Cross-Site Request Forgery Vulnerability (CNVD-2022-49793)

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins EasyQA Plugin 1.0 and earlier versions are vulnerable to cross-site...

8.8CVSS1.1AI score0.00071EPSS

Exploits0References1

CNVD•added 2022/06/24 12:0 a.m.•132 views

Jenkins EasyQA Plugin Cross-Site Request Forgery Vulnerability

4.3CVSS1.1AI score0.00217EPSS

Exploits0References1

CNVD•added 2022/06/24 12:0 a.m.•118 views

Jenkins EasyQA Plugin Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins EasyQA Plugin 1.0 and prior...

6.5CVSS1.2AI score0.00218EPSS

Exploits0References1

OSV•added 2022/06/23 5:15 p.m.•0 views

CVE-2022-34202

6.5CVSS6.4AI score0.00218EPSS

Exploits0References1

NVD•added 2022/06/23 5:15 p.m.•16 views

CVE-2022-34202

6.5CVSS0.00218EPSS

Exploits0References1

ATTACKERKB•added 2022/06/23 5:15 p.m.•1 views

CVE-2022-34203

A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...

8.8CVSS6.6AI score0.00071EPSS

Exploits0References2

ATTACKERKB•added 2022/06/23 5:15 p.m.•1 views

CVE-2022-34204

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

4.3CVSS6.3AI score0.00217EPSS

Exploits0References2

NVD•added 2022/06/23 5:15 p.m.•11 views

CVE-2022-34204

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

4.3CVSS0.00217EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by