28 matches found
EUVD-2014-4577
Malware in sbrugna...
CVE-2019-10369
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained...
CVE-2019-10368
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified...
GHSA-7WXC-7QRG-RG6W Jenkins JClouds Plugin missing permission check
Jenkins JClouds Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ...
Jenkins JClouds Plugin cross-site request forgery vulnerability
Jenkins JClouds Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ...
Jenkins JClouds Plugin missing permission check
Jenkins JClouds Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ...
GHSA-87HX-Q65G-R35X Jenkins JClouds Plugin cross-site request forgery vulnerability
Jenkins JClouds Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ...
com.github.ptgoetz:whirr-storm (=0.1.0), com.proofpoint.cloudmanagement.service:cloud-management (>=1.2 <=1.3) +40 more potentially affected by CVE-2013-4766 via org.jclouds.api:eucalyptus (>=1.0-beta-9b <=1.5.9)
org.jclouds.api:eucalyptus MAVEN version =1.0-beta-9b, =1.2, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.5.0, =0.4.0, =0.4.0, =0.4.0, =0.5.0, =0.4.0, =0.4.0, =0.4.0, =0.5.0-rc.2 and more Source cves: CVE-2013-4766 Source advisory: OSV:GHSA-F5HM-H272-2QWM...
com.cloudcoreo.plugins:cloudcoreo-deploytime (>=0.1.0 <=0.2.3), com.github.kostyasha.yet-another-docker:yet-another-docker-plugin (>=0.1.0 <=0.1.3) +7 more potentially affected by CVE-2017-2648 via org.jenkins-ci.plugins:ssh-slaves (>=1.10 <=1.13)
org.jenkins-ci.plugins:ssh-slaves MAVEN version =1.10, =0.1.0, =0.1.0, =1.2.8, =2.0.0, =1.3, =1.2.0, =2.9, =2.11, =2.8, =2.19 Source cves: CVE-2017-2648 Source advisory: OSV:GHSA-X654-4WJH-74Q6...
CVE-2014-4651
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks...
CVE-2014-4651
CVE-2014-4651 affects the jclouds scriptbuilder Statements class, which writes a temporary file to a predictable location. This could allow an attacker to access sensitive data, cause a denial of service, or perform other attacks. Public details include a high to critical impact (CVSS v2 base 7.5...
CVE-2014-4651
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks...
CloudBees Jenkins JClouds Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A cross-site request forgery vulnerability exists in CloudBees Jenkins JClouds Plugin, which can be exploited by an attacker to send unintended requests to the...
CloudBees Jenkins JClouds Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins JClouds Plugin, which can be exploited by an attacker to gain access to credentials stored in...
CVE-2019-10369
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained...
CVE-2019-10368
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified...
CVE-2019-10369
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained...
CVE-2019-10368
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified...
Design/Logic Flaw
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpldoTestConnection and JCloudsCloud.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified...