23 matches found
Missing permission check in Jenkins PaaSLane Estimate Plugin
PaaSLane Estimate Plugin 1.0.4 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token...
GHSA-JQR2-7F24-XRGC Missing permission check in Jenkins PaaSLane Estimate Plugin
PaaSLane Estimate Plugin 1.0.4 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token...
GHSA-V9W3-34XQ-HRJG Tokens stored in plain text by PaaSLane Estimate Plugin
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
GHSA-G4XM-5MQM-8M32 Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token...
Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token...
CVE-2023-50779
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token...
CVE-2023-50776
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-50776
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-50777
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-50778
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token...
CVE-2023-50779
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token...
CVE-2023-50778
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token...
CVE-2023-50779
Summary of CVE-2023-50779: Jenkins PaaSLane Estimate Plugin, versions 1.0.4 and earlier, has missing permission checks in multiple HTTP endpoints. This flaw allows attackers with Overall/Read permission to connect to an attacker‑specified URL using an attacker‑specified token. The NVD entry docu...
CVE-2023-50778
CVE-2023-50778 describes a CSRF vulnerability in the Jenkins PaaSLane Estimate Plugin, affecting version 1.0.4 and earlier. According to Red Hat and other connected sources, an attacker can cause the Jenkins controller to connect to an attacker-specified URL while using an attacker-specified toke...
CVE-2023-50778
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token...
CVE-2023-50777
CVE-2023-50777 affects Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier. The root cause is that authentication tokens used by PaaSLane are not masked when shown on the job configuration form, enabling observers to view/capture tokens. The Red Hat entry and Nessus-based advisories corroborate th...
CVE-2023-50777
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-50776
CVE-2023-50776 affects Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier. The vulnerability arises from storing PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller, enabling visibility to users with Item/Extended Read permission or someone with filesystem...
Jenkins PaaSLane Estimate Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...