11 matches found
EUVD-2021-1403
Malware in sbrugna...
EUVD-2021-1263
Malware in sbrugna...
CVE-2021-21652
A cross-site request forgery CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2021-21653
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not require POST requests for a connection test method, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified...
CVE-2021-21652
A cross-site request forgery CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2021-21653
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2021-21653
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2021-21652
A cross-site request forgery CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2021-14696 · Jenkins · Jenkins Xray - Test Management For Jira Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Xray - Test Management for Jira Plugin versions 2.4.0 and earlier Description: The issue concerns a lack of permission check in an HTTP endpoint, allowing users with Overall/Read permission to enumerate credentials IDs of credentials...