296 matches found
CVE-2022-43417
Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...
Design/Logic Flaw
Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...
Design/Logic Flaw
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-43427
CVE-2022-43427 affects Jenkins with the Compuware Topaz for Total Test Plugin 2.4.8 and earlier . The root issue is that several HTTP endpoints do not perform proper permission checks, allowing attackers with Overall/Read to enumerate the credentials IDs stored in Jenkins. This is a credential di...
CVE-2022-43417
Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...
GHSA-4JFQ-4FQC-5J9C Jenkins Rundeck Plugin Missing Authorization vulnerability
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...
GHSA-P37P-WG92-2FC4 Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs
CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
CVE-2022-41233
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...
CVE-2022-41233
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...
Design/Logic Flaw
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...
CVE-2022-41233
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...
CVE-2022-41233
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...
CVE-2022-30954
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
GHSA-VPF7-Q2RX-26MH Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...
Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints
Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier does not require POST requests for several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow attackers to delete entries from job, agent, and system configuration histor...
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...
GHSA-HXF7-9RV9-88V6 Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those...
GHSA-M8W5-VWQ3-GP8F Lucene-Search Plugin does not perform permission checks in several HTTP endpoints
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...
Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints
Jenkins BMC AMI DevX Code Pipeline Operations Plugin 1.0.8 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...