Lucene search
+L

5 matches found

OSV
OSV
added 2023/07/12 6:30 p.m.25 views

GHSA-WGVX-9RH5-4G4M Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

8.8CVSS8.7AI score0.00491EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.26 views

Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

8.8CVSS6.6AI score0.00491EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/07/12 4:15 p.m.23 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...

6.8CVSS8.7AI score0.00491EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/12 4:15 p.m.25 views

Design/Logic Flaw

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...

5.5CVSS5.3AI score0.00502EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.15 views

PT-2023-26211 · Jenkins · Jenkins Benchmark Evaluator Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Benchmark Evaluator Plugin versions 1.0.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb...

8.8CVSS8.4AI score0.00491EPSS
Exploits0References6
Rows per page
Query Builder