Lucene search
K

66 matches found

NVD
NVD
added 2019/06/11 2:29 p.m.32 views

CVE-2019-10335

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages...

5.4CVSS5.2AI score0.01133EPSS
Exploits0References3
OSV
OSV
added 2019/06/11 2:29 p.m.16 views

CVE-2019-10333

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances...

4.3CVSS6.2AI score
Exploits0References3
OSV
OSV
added 2019/06/11 2:29 p.m.12 views

CVE-2019-10332

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.6AI score
Exploits0References3
NVD
NVD
added 2019/06/11 2:29 p.m.26 views

CVE-2019-10333

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances...

4.3CVSS4.3AI score0.01353EPSS
Exploits0References3
OSV
OSV
added 2019/06/11 2:29 p.m.15 views

CVE-2019-10335

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages...

5.4CVSS5.7AI score
Exploits0References3
NVD
NVD
added 2019/06/11 2:29 p.m.44 views

CVE-2019-10332

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.5AI score0.01829EPSS
Exploits0References3
OSV
OSV
added 2019/06/11 2:29 p.m.18 views

CVE-2019-10334

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files...

6.5CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2019/06/11 2:29 p.m.18 views

CVE-2019-10331

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.6AI score
Exploits0References3
CVE
CVE
added 2019/06/11 1:15 p.m.60 views

CVE-2019-10332

The CVE-2019-10332 entry affects Jenkins ElectricFlow Plugin versions up to 1.1.5 and earlier. The underlying issue is a missing permission check in Configuration#doTestConnection, allowing users with Overall/Read access to initiate a connection to an attacker-specified URL using attacker-specifi...

4.3CVSS4.4AI score0.01829EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/06/11 1:15 p.m.26 views

CVE-2019-10334

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files...

6.5AI score0.01303EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/06/11 1:15 p.m.24 views

CVE-2019-10331

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.5AI score0.01058EPSS
Exploits0References3
CVE
CVE
added 2019/06/11 1:15 p.m.60 views

CVE-2019-10333

The provided connected documents confirm a vulnerability in Jenkins ElectricFlow Plugin (versions 1.1.5 and earlier) where missing permission checks on HTTP endpoints allowed users with Overall/Read access to retrieve sensitive information about the plugin configuration and connected ElectricFlow...

4.3CVSS4.3AI score0.01353EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/06/11 1:15 p.m.62 views

CVE-2019-10336

CVE-2019-10336 describes a reflected cross-site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier. The issue arises when an attacker can influence the output of the ElectricFlow API, enabling injection of arbitrary HTML and JavaScript into job configuration forms that inclu...

6.1CVSS6AI score0.01375EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/06/11 1:15 p.m.70 views

CVE-2019-10334

CVE-2019-10334 affects Jenkins ElectricFlow Plugin versions 1.1.5 and earlier. The vulnerability arises because MultipartUtility.java uploads can cause the plugin to disable SSL/TLS and hostname verification globally for the Jenkins master JVM, exposing connections to untrusted servers. Impact is...

6.5CVSS6.4AI score0.01303EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/06/11 1:15 p.m.65 views

CVE-2019-10335

CVE-2019-10335 affects Jenkins ElectricFlow Plugin (1.1.5 and earlier). The stored XSS arises from lack of proper escaping of user content in build-status outputs, allowing attackers with Job/Configure permissions or those controlling ElectricFlow API responses to inject arbitrary HTML/JavaScript...

5.4CVSS5.2AI score0.01133EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/06/11 1:15 p.m.31 views

CVE-2019-10332

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...

4.5AI score0.01829EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/06/11 1:15 p.m.29 views

CVE-2019-10333

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances...

4.3AI score0.01353EPSS
Exploits0References3
CVE
CVE
added 2019/06/11 1:15 p.m.78 views

CVE-2019-10331

CVE-2019-10331 affects Jenkins ElectricFlow Plugin 1.1.5 and earlier. The vulnerability stems from a missing permission check in a form validation method (Configuration#doTestConnection), enabling CSRF to trigger a connection test to an attacker-specified URL using attacker-specified credentials....

4.3CVSS4.5AI score0.01058EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/06/11 1:15 p.m.31 views

CVE-2019-10336

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin...

6AI score0.01375EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/06/11 1:15 p.m.33 views

CVE-2019-10335

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages...

5.2AI score0.01133EPSS
Exploits0References3
Rows per page
Query Builder