119 matches found
CVE-2021-21646
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
CVE-2021-21646
The CVE-2021-21646 entry concerns the Jenkins Templating Engine Plugin, version 2.1 and earlier. The underlying issue is failure to protect pipeline configurations with the Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the Jenkins controller...
Jenkins Templating Engine Plugin Security Vulnerability
Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. Jenkins Templating Engine Plugin versions 2.1 and earlier contain a security vulnerability; the vulnerability...
Remote code execution
Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2121
Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2019-16546
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...
CVE-2019-16548
A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents...
CVE-2019-16548
CVE-2019-16548 concerns the Jenkins Google Compute Engine Plugin (up to v4.1.1). The vulnerability is a CSRF flaw in ComputeEngineCloud#doProvision that could be abused to provision new agents without proper authorization. Impact is exposure of administrative actions (agent provisioning) via CSRF...
CVE-2019-16547
CVE-2019-16547 affects the Jenkins Google Compute Engine Plugin (versions up to 4.1.1). The issue is missing permission checks on several API endpoints, allowing users with Overall/Read to obtain limited information about the plugin configuration and environment. In practice, the impact is inform...
CVE-2019-10445
CVE-2019-10445 affects the Jenkins Google Kubernetes Engine Plugin (versions ≤ 0.7.0). A missing permission check enables users with Overall/Read to obtain limited information about a credential’s scope by supplying a credentials ID. The issue is specifically a disclosure vulnerability within the...
CVE-2019-10365
The CVE-2019-10365 entry concerns Jenkins Google Kubernetes Engine Plugin (versions 0.6.2 and earlier). The underlying issue is that the plugin creates a temporary file containing a temporary access token in the project workspace, exposing it to users with Job/Read permission. Documents from RH R...
PT-2019-11761 · Jenkins · Jenkins Google Kubernetes Engine Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Google Kubernetes Engine Plugin versions 0.6.2 and earlier Description: The issue concerns the creation of a temporary file containing a temporary access token in the project workspace, which could be accessed by users with Job/Read...
ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation
Overview On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint by causing the SecureConnector agent to execute arbitrary code. Description On Windows endpoints, the...
E107 BLOG Engine Plugin Remote SQL Injection (CVE-2008-6438)
An SQL injection vulnerability has been reported in E107coders Macguru Blog Engine Plugin. An attacker could exploit this vulnerability via the uid parameter. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...