Lucene search
K

119 matches found

ATTACKERKB
ATTACKERKB
added 2022/03/29 1:15 p.m.3 views

CVE-2022-28134

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...

5.5CVSS5.9AI score0.00642EPSS
Exploits0References3
NVD
NVD
added 2022/03/29 1:15 p.m.25 views

CVE-2022-28133

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create BitBucket Server consumers...

5.4CVSS0.00792EPSS
Exploits0References2
Prion
Prion
added 2022/03/29 1:15 p.m.14 views

Design/Logic Flaw

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...

5.5CVSS5.3AI score0.00642EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/29 12:30 p.m.27 views

CVE-2022-28134

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...

6AI score0.00642EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2022/03/29 12:30 p.m.64 views

CVE-2022-28134

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...

5.5CVSS2.7AI score0.00642EPSS
Exploits0References2
CVE
CVE
added 2022/03/29 12:30 p.m.141 views

CVE-2022-28134

The data shows CVE-2022-28134 affects Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier, where multiple HTTP endpoints do not perform permission checks, allowing attackers with Overall/Read to create, view, and delete Bitbucket Server consumers. The issue is confirmed by multiple sour...

5.5CVSS5.2AI score0.00642EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.7 views

Jenkins Bitbucket Server Integration Plugin 权限许可和访问控制问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.Jenkins Bitbucket Server...

5.5CVSS5.6AI score0.00642EPSS
Exploits0References5
Prion
Prion
added 2021/09/10 2:15 p.m.18 views

Cross site scripting

The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...

4.3CVSS6.1AI score0.00895EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2021/05/12 12:0 a.m.7 views

CloudBees Jenkins Xcode Integration Plugin XML External Entity Injection Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . CloudBees Jenkins Xcode...

7.1CVSS7.2AI score0.01511EPSS
Exploits0References1
NVD
NVD
added 2021/01/18 8:15 p.m.24 views

CVE-2020-36192

An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues either marked as Private, or part of a private Project, if they are attached to an existing Changeset. The information is visible on the view.php...

5.3CVSS5.3AI score0.0096EPSS
Exploits1References1
OSV
OSV
added 2021/01/18 8:15 p.m.16 views

CVE-2020-36192

An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues either marked as Private, or part of a private Project, if they are attached to an existing Changeset. The information is visible on the view.php...

5.3CVSS6.7AI score
Exploits0References1
Cvelist
Cvelist
added 2021/01/18 7:5 p.m.26 views

CVE-2020-36192

An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues either marked as Private, or part of a private Project, if they are attached to an existing Changeset. The information is visible on the view.php...

5.3AI score0.0096EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/09/16 1:20 p.m.29 views

CVE-2020-2256

Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.3AI score0.00735EPSS
Exploits0References2
CVE
CVE
added 2020/09/16 1:20 p.m.84 views

CVE-2020-2256

CVE-2020-2256 concerns Jenkins Pipeline Maven Integration Plugin evaluating upstream display names in build causes. The vulnerability affects version 3.9.2 and earlier, where the upstream job’s display name is not properly escaped, enabling a stored cross-site scripting (XSS) vulnerability. Explo...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/08/12 2:15 p.m.21 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS6.3AI score0.00836EPSS
Exploits0References2
OSV
OSV
added 2020/08/12 2:15 p.m.15 views

CVE-2020-2234

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...

6.5CVSS6.4AI score
Exploits0References2
OSV
OSV
added 2020/08/12 2:15 p.m.16 views

CVE-2020-2235

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...

6.5CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2020/08/12 2:15 p.m.24 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...

4.3CVSS6.4AI score0.00859EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/08/12 1:25 p.m.21 views

CVE-2020-2234

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...

6.3AI score0.01056EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/08/12 1:25 p.m.28 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS4.2AI score0.00836EPSS
Exploits0References2
Rows per page
Query Builder