Lucene search
K

64 matches found

Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.5 views

PT-2023-6024 · Jenkins · Jenkins Fortify Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored i...

6.4CVSS5.5AI score0.00196EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.1 views

PT-2023-6008 · Jenkins · Jenkins Fortify Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: A missing permission check in the Jenkins Fortify Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentia...

4.3CVSS4.5AI score0.00268EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/08/17 12:0 a.m.4 views

Jenkins Plugin Fortify 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5AI score0.00268EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:7 p.m.30 views

Fortify Plugin stored credentials in plain text

Fortify Plugin 19.1.29 and earlier stored its proxy server password unencrypted in job config.xml files. This password could be read by users with the Extended Read permission. Fortify Plugin 19.2.30 now encrypts the proxy server password...

4.3CVSS5.4AI score0.00647EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2022/02/17 12:0 a.m.24 views

Jenkins Fortify Plugin Path Traversal Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Fortify Plugin 20.2.34 and earlier versions are vulnerable to a path traversal vulnerability that stems from not...

4.3CVSS2.1AI score0.01219EPSS
Exploits0References1
OSV
OSV
added 2022/02/16 12:1 a.m.26 views

GHSA-23H5-8PH6-7RFC Path traversal vulnerability in Jenkins Fortify Plugin

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, which are used to write to files inside build directories. This allows attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file...

4.3CVSS4.8AI score0.01219EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.23 views

Path traversal vulnerability in Jenkins Fortify Plugin

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, which are used to write to files inside build directories. This allows attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file...

4.3CVSS4.9AI score0.01219EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/02/15 5:15 p.m.3 views

CVE-2022-25188

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...

4.3CVSS5.8AI score0.01219EPSS
Exploits0References2
NVD
NVD
added 2022/02/15 5:15 p.m.25 views

CVE-2022-25188

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...

4.3CVSS0.01219EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.7 views

CVE-2022-25188

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...

4.3CVSS5.8AI score0.01219EPSS
Exploits0References3
Prion
Prion
added 2022/02/15 5:15 p.m.15 views

Code injection

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...

4CVSS4.5AI score0.01219EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/15 4:11 p.m.172 views

CVE-2022-25188

CVE-2022-25188 affects Jenkins Fortify Plugin 20.2.34 and earlier. The root cause is that the plugin does not sanitize the appName and appVersion parameters of its Pipeline steps, enabling attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller filesyst...

4.3CVSS4.8AI score0.01219EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2022/02/15 4:11 p.m.75 views

CVE-2022-25188

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...

4.3CVSS4AI score0.01219EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.5 views

Jenkins 插件 路径遍历漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Fortify Plugin 20.2.34 and earlier versions are vulnerable to a path traversal vulnerability that stems from not...

4.3CVSS5.7AI score0.01219EPSS
Exploits0References6
NVD
NVD
added 2020/07/02 3:15 p.m.32 views

CVE-2020-2202

A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS0.00691EPSS
Exploits0References2
CVE
CVE
added 2020/07/02 2:55 p.m.77 views

CVE-2020-2202

CVE-2020-2202 affects CloudBees Jenkins Fortify on Demand Plugin versions 6.0.0 and earlier. A missing permission check in form-related methods allowed users with Overall/Read access to enumerate credentials IDs stored in Jenkins. The vulnerability could enable credential ID disclosure, which att...

4.3CVSS4.4AI score0.00691EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/01/30 12:0 a.m.33 views

FreeBSD : jenkins -- multiple vulnerabilities (a250539d-d1d4-4591-afd3-c8bdfac335d8)

Jenkins Security Advisory : DescriptionHigh SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...

8.6CVSS6AI score0.07044EPSS
Exploits0References12
NVD
NVD
added 2020/01/29 4:15 p.m.22 views

CVE-2020-2107

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4.3CVSS4.5AI score0.00647EPSS
Exploits0References2
OSV
OSV
added 2020/01/29 4:15 p.m.4 views

CVE-2020-2107

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4.3CVSS5.8AI score0.00647EPSS
Exploits0References2
Prion
Prion
added 2020/01/29 4:15 p.m.20 views

Design/Logic Flaw

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4CVSS4.9AI score0.00647EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder