GHSA-4V5C-5V6C-37PJ Jenkins Matrix Reloaded Plugin vulnerable to CSRF
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to rebuild previous matrix builds...
CVE-2022-34814
Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests...
Cross site request forgery (csrf)
Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests...
CVE-2022-34814
CVE-2022-34814 affects Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier. The vulnerability arises from a missing permission check in an HTTP endpoint, enabling attackers with Overall/Read permission to view an administrative configuration page that lists pending requests. The Connected d...
PT-2022-22366 · Jenkins · Jenkins Request Rename/Delete Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Request Rename Or Delete Plugin versions 1.1.0 and earlier Description: The issue arises from an incorrect permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration...
Jenkins vRealize Orchestrator Plugin cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both open source products of the Jenkins project. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins vRealize Orchestrator Plugin 3.0...
Jenkins Embeddable Build Status Plugin authorization issue vulnerability
Jenkins and Jenkins Plugin are both open source products of the Jenkins project. An authorization issue exists in Jenkins Embeddable Build Status Plugin 2.0.3 and earlier, stemming from a failure to properly perform a ViewStatus...
CVE-2022-34180
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...
Code injection
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...
CVE-2022-34180
CVE-2022-34180 concerns the Jenkins Embeddable Build Status Plugin (versions 2.0.3 and earlier). The issue is that the plugin does not correctly perform the ViewStatus permission check in the HTTP endpoint used for unprotected status badge access. As a result, attackers with no permissions can ...
CVE-2022-30311
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
CVE-2022-30310
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
CVE-2022-30309
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
Command injection
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
Command injection
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
CVE-2022-30311
The CVE-2022-30311 vulnerability affects Festo Controller CECC-X-M1 family where the http endpoint cecc-x-refresh-request (and related endpoints) does not validate port syntax in POST requests, enabling unauthorized command execution with root privileges due to improper access control command inj...
CVE-2022-30309
CVE-2022-30309 affects Festo Controller CECC-X-M1 family. The http-endpoint cecc-x-web-viewer-request-off (POST) does not validate port syntax, enabling unauthorized execution of system commands with root privileges due to improper access control command injection. Public discussions and advisori...