18 matches found
Jenkins Matrix Authorization Strategy Plugin Code Issue Vulnerability
The Jenkins Matrix Authorization Strategy Plugin is an open-source plugin developed for continuous integration platforms, providing a fine-grained permission control mechanism based on matrices. There are code vulnerabilities in versions 2.0-beta-1 to 3.2.9 of the Jenkins Matrix Authorization...
EUVD-2026-22231
The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...
CVE-2026-1920
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...
WordPress plugin Booking Calendar for Appointments and Service Businesses – Booktics Access Control Error Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
PT-2026-24175
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension Controller::update item permissions check' function in all versions up to, and including, 1.0.16. Thi...
GHSA-WFHP-QGM8-5P5C Jenkins has a build information disclosure vulnerability through Run Parameter
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...
CVE-2025-14798
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...
WordPress plugin ACF to REST API Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A security...
CVE-2025-28409
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/parentId endpoint, which does not properly validate whether the requesting user has permission to add a menu item under the specified parentId...
WordPress plugin MultiVendorX Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability...
Information Disclosure
org.jenkins-ci.plugins:codedx is vulnerable to Information Disclosure. A remote authenticated attacker with item/read permissions is able to gain access to sensitive user information such as the existence of an attacker-specified file path on an agent file system...
GHSA-CJ6R-8PXJ-5JV6 Incorrect Permission Preservation in Jenkins Core
Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically...
CVE-2022-30967
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
GHSA-85F9-W9CX-H363 Cross site request forgery in Jenkins Job and Node ownership Plugin
Job and Node ownership Plugin 0.13.0 and earlier does not perform a permission check in several HTTP endpoints. This allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. Additionally, this endpoint does not require POST requests, resulting in a...
CVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
PT-2022-18849 · Jenkins · Jenkins Job/Node Ownership Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job and Node ownership Plugin versions 0.13.0 and earlier. Description: A cross-site request forgery (CSRF) vulnerability exists due to the lack of permission checks in several HTTP endpoints, allowing attackers with Item/Read permission...
PT-2022-18850 · Jenkins · Jenkins Job/Node Ownership Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job and Node ownership Plugin versions 0.13.0 and earlier. Description: A missing permission check in the plugin allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. Recommendations: F...
Path traversal
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...