Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.9 views

CVE-2019-10339

A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfigurationdoValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials...

8.8CVSS6.6AI score0.01832EPSS
Exploits0References1
OSV
OSV
added 2022/05/24 4:47 p.m.19 views

GHSA-QWW5-P626-RFPF Jenkins JX Resources Plugin cross-site request forgery vulnerability

Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...

5.4CVSS8.5AI score0.01036EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.21 views

Jenkins JX Resources Plugin missing permission check

Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...

8.8CVSS6.3AI score0.01832EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2019/06/11 2:29 p.m.9 views

CVE-2019-10339

A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfigurationdoValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials...

8.8CVSS8.6AI score0.01832EPSS
Exploits0References3
OSV
OSV
added 2019/06/11 2:29 p.m.13 views

CVE-2019-10338

A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfigurationdoValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials...

8.8CVSS6.6AI score
Exploits0References3
CVE
CVE
added 2019/06/11 1:15 p.m.54 views

CVE-2019-10339

The CVE-2019-10339 issue affects Jenkins JX Resources Plugin (versions ≤1.0.36). A missing permission check in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read to connect to an attacker-specified Kubernetes server, potentially leaking credentials and exposing environment...

8.8CVSS8.5AI score0.01832EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/06/11 1:15 p.m.64 views

CVE-2019-10338

The CVE-2019-10338 issue affects Jenkins JX Resources Plugin (versions 1.0.36 and earlier). The root cause is a lack of permission checks in a form-validation method (GlobalPluginConfiguration#doValidateClient), enabling a user with Jenkins access to cause Jenkins to connect to an attacker-specif...

8.8CVSS8.6AI score0.01036EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.5 views

PT-2019-11737 · Jenkins · Jenkins Jx Resources Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins JX Resources Plugin versions 1.0.36 and earlier Description: A cross-site request forgery issue allows attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. The vulnerability is...

8.8CVSS8.5AI score0.01036EPSS
Exploits0References7
Rows per page
Query Builder