Lucene search
K

369 matches found

redhat
redhat
added 2023/05/17 5:53 p.m.5 views

jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS6.1AI score0.01095EPSS
Exploits0References5
redhat
redhat
added 2023/05/17 5:53 p.m.8 views

jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS7.6AI score0.01428EPSS
Exploits0References5
osv
osv
added 2023/05/16 6:30 p.m.24 views

GHSA-46F2-X6H2-X9HX Jenkins File Parameter Plugin arbitrary file write vulnerability

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters. This allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...

8.8CVSS8.6AI score0.60683EPSS
Exploits0References3
osv
osv
added 2023/05/16 6:30 p.m.59 views

GHSA-GPC2-F62M-C6H6 Jenkins Code Dx Plugin stores API keys in plain text

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...

4.3CVSS4.9AI score0.00633EPSS
Exploits0References3
prion
prion
added 2023/05/16 6:15 p.m.22 views

Design/Logic Flaw

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4CVSS4.6AI score0.00633EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2023/05/16 5:15 p.m.23 views

CVE-2023-32991

A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...

8.8CVSS8.6AI score0.00681EPSS
Exploits0References1
prion
prion
added 2023/05/16 5:15 p.m.18 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...

6.8CVSS8.5AI score0.00681EPSS
Exploits0References1Affected Software1
osv
osv
added 2023/05/16 4:15 p.m.3 views

CVE-2023-32986

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

8.8CVSS5.9AI score0.60683EPSS
Exploits0References1
osv
osv
added 2023/05/16 4:15 p.m.26 views

CVE-2023-32982

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.9AI score0.00377EPSS
Exploits0References1
nvd
nvd
added 2023/05/16 4:15 p.m.39 views

CVE-2023-32982

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS4.5AI score0.00377EPSS
Exploits0References1
prion
prion
added 2023/05/16 4:15 p.m.17 views

Code injection

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

6.5CVSS8.7AI score0.60683EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/05/16 4:0 p.m.29 views

CVE-2023-32992

Missing permission checks in Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...

8.7AI score0.00832EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2023/05/16 4:0 p.m.23 views

CVE-2023-32986

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

8.8CVSS7AI score0.60683EPSS
Exploits0References1
cvelist
cvelist
added 2023/05/16 4:0 p.m.34 views

CVE-2023-32982

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.8AI score0.00377EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2023/05/16 4:0 p.m.21 views

CVE-2023-32982

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.8AI score0.00377EPSS
Exploits0References1
osv
osv
added 2023/04/12 6:30 p.m.36 views

GHSA-96C7-FQXV-RMV7 Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

4.3CVSS4.8AI score0.00323EPSS
Exploits0References3
osv
osv
added 2023/04/12 6:30 p.m.15 views

GHSA-QGW9-VGRF-H723 Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS4.8AI score0.00323EPSS
Exploits0References3
osv
osv
added 2023/04/12 6:30 p.m.24 views

GHSA-54CW-RVR3-W6CX Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

4.3CVSS6.6AI score0.00397EPSS
Exploits0References3
github
github
added 2023/04/12 6:30 p.m.19 views

Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

6.5CVSS6.6AI score0.00397EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2023/04/12 6:15 p.m.21 views

CVE-2023-30530

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

4.3CVSS4.5AI score0.00323EPSS
Exploits0References2
Rows per page
Query Builder