Lucene search

398 matches found

Github Security Blog · added 2023/05/16 6:30 p.m. · 24 views

Jenkins Tag Profiler Plugin missing permission check

Jenkins Tag Profiler Plugin 0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to reset profiler statistics. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF)...

CVSS 4.3 · AI score 6.5 · EPSS 0.00425
Exploits 0 · References 3 · Affected Software 1

Github Security Blog · added 2023/05/16 6:30 p.m. · 23 views

Jenkins SAML Single Sign On (SSO) Plugin missing permission checks

Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange’s API for sending emails...

CVSS 4.3 · AI score 6.6 · EPSS 0.00425
Exploits 0 · References 3 · Affected Software 1

Positive Technologies · added 2023/05/16 12:00 a.m. · 2 views

PT-2023-24134 · Jenkins · Jenkins Tag Profiler Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Tag Profiler Plugin versions 0.2 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to reset profiler statistics. The issue arises because the plugin does not perform a permission check in an HTT...

CVSS 4.3 · AI score 4.4 · EPSS 0.003
Exploits 0 · References 6

OSV · added 2023/04/12 6:30 p.m. · 26 views

GHSA-4697-3G92-GH78 Jenkins Thycotic Secret Server Plugin missing permissions check

Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...

CVSS 4.3 · AI score 4.7 · EPSS 0.00519
Exploits 0 · References 3

Github Security Blog · added 2023/04/12 6:30 p.m. · 19 views

Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to reindex the database...

CVSS 4.3 · AI score 5.3 · EPSS 0.00349
Exploits 0 · References 6 · Affected Software 1

OSV · added 2023/04/12 6:30 p.m. · 20 views

GHSA-GH5W-GFFH-68PR Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to reindex the database...

CVSS 4.3 · AI score 4.8 · EPSS 0.00349
Exploits 0 · References 5

NVD · added 2023/04/12 6:15 p.m. · 10 views

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

CVSS 4.3 · AI score 4.5 · EPSS 0.00349
Exploits 0 · References 2

Prion · added 2023/04/12 6:15 p.m. · 13 views

Code injection

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

CVSS 4.3 · AI score 4.6 · EPSS 0.00349
Exploits 0 · References 2 · Affected Software 1

Cvelist · added 2023/04/12 5:05 p.m. · 19 views

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

AI score 4.9 · EPSS 0.00349
Exploits 0 · References 2

Vulnrichment · added 2023/04/12 5:05 p.m. · 5 views

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

AI score 7 · EPSS 0.00349
Exploits 0 · References 2

AlpineLinux · added 2023/04/12 5:05 p.m. · 27 views

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

CVSS 4.3 · AI score 5.6 · EPSS 0.00349
Exploits 0 · References 2

OSV · added 2023/04/02 9:30 p.m. · 23 views

GHSA-48G9-H7G5-8PW2 Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery

Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...

CVSS 8.8 · AI score 9.2 · EPSS 0.0064
Exploits 1 · References 3

OSV · added 2023/04/02 9:30 p.m. · 14 views

GHSA-P3W6-3F7F-PM98 Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections

Jenkins OctoPerf Load Testing Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to a previously configured OctoPerf server using attacker-specified credentials. Additionally, these endpoints ...

CVSS 4.3 · AI score 4.8 · EPSS 0.00425
Exploits 0 · References 3

Github Security Blog · added 2023/04/02 9:30 p.m. · 20 views

Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture

OctoPerf Load Testing Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 6.5 · AI score 6.5 · EPSS 0.00509
Exploits 0 · References 3 · Affected Software 1

OSV · added 2023/04/02 9:30 p.m. · 22 views

GHSA-J9H4-P6P7-8652 Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture

OctoPerf Load Testing Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 6.5 · AI score 6.5 · EPSS 0.00509
Exploits 0 · References 2

Prion · added 2023/04/02 9:15 p.m. · 15 views

Design/Logic Flaw

Jenkins OctoPerf Load Testing Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 4 · AI score 6.2 · EPSS 0.00509
Exploits 0 · References 1 · Affected Software 1

Cvelist · added 2023/03/23 11:26 a.m. · 16 views

CVE-2023-28672

Jenkins OctoPerf Load Testing Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

AI score 6.8 · EPSS 0.00509
Exploits 0 · References 1

AlpineLinux · added 2023/03/23 11:26 a.m. · 21 views

CVE-2023-28672

Jenkins OctoPerf Load Testing Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 6.5 · AI score 6.7 · EPSS 0.00509
Exploits 0 · References 1

Github Security Blog · added 2023/01/26 9:30 p.m. · 48 views

Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs

Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credential...

CVSS 4.3 · AI score 4.4 · EPSS 0.00661
Exploits 0 · References 4 · Affected Software 1

OSV · added 2022/11/16 12:00 p.m. · 24 views

GHSA-9PQQ-H9QV-28FP Jenkins Config Rotator Plugin vulnerable to path traversal

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. Currently there is no known workaround and no fix available...

CVSS 7.5 · AI score 7.6 · EPSS 0.01061
Exploits 0 · References 4