398 matches found
GHSA-2WWH-QGH8-W9XW Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not require POST requests for an HTTP endpoint, resulting in cross-site request forgery (CSRF) vulnerabilities. This vulnerability allows attackers to delete Failure Causes. Build Failure Analyzer Plugin 2.4.2 requires POST requests for t...
GHSA-55Q6-R3HM-7FF4 Jenkins Build Failure Analyzer Plugin missing permission check
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
CVE-2023-41943
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
Design/Logic Flaw
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
PT-2023-28181 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: The issue arises from a lack of permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. This can be exploited...
Cross-site Request Forgery
blueocean is vulnerable to Cross-site Request Forgery. The vulnerability is due to a lack of requiring POST requests for an HTTP endpoint in GithubScm.java, which allows an attacker to view GitHub credentials...
Cross-site Request Forgery (CSRF)
org.jenkins-ci.plugins, favorite-view is vulnerable to Cross-Site Request Forgery. The vulnerability exists due to the lack of validation in the HTTP endpoint, which allows an attacker to add or remove views from another user's favorite views tab bar...
Cross-site Request Forgery
Folders Plugin is vulnerable to Cross-site Request Forgery. The vulnerability is due to a lack of requiring POST requests for an HTTP endpoint, which allows an attacker to copy a view inside a folder...
Cross-Site Request Forgery (CSRF)
gin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability occurs because the plugin does not require POST requests for an HTTP endpoint, which allows an attacker to copy a malicious folder, which could then be used to steal data or execute arbitrary code...
Jenkins Plugin Fortify cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins Delphix Plugin missing permission check
Jenkins Delphix Plugin 3.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
Jenkins Favorite View Plugin cross-site request forgery vulnerability
Jenkins Favorite View Plugin 5.v77a37f62782d and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to add or remove views from another user’s favorite views tab bar. As of publication of...
GHSA-JRJ6-QX48-3CPQ Jenkins Favorite View Plugin cross-site request forgery vulnerability
Jenkins Favorite View Plugin 5.v77a37f62782d and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to add or remove views from another user’s favorite views tab bar. As of publication of...
GHSA-3FQW-J7X8-G75J Jenkins Delphix Plugin missing permission check
Jenkins Delphix Plugin 3.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
GHSA-4VQP-PCM3-73XP Jenkins Folders Plugin cross-site request forgery vulnerability
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to copy an item, which could potentially automatically approve unsandboxed scripts and allo...
Jenkins Folders Plugin cross-site request forgery vulnerability
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to copy an item, which could potentially automatically approve unsandboxed scripts and allo...
Cross-Site Request Forgery (CSRF)
bazaar is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists because the library does not require POST requests for an HTTP endpoint, which allows an attacker to delete previously created Bazaar SCM tags...
CSRF vulnerability in Bazaar Plugin
Jenkins Bazaar Plugin 1.22 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to delete previously created Bazaar SCM tags...