11 matches found
CVE-2019-10339
A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfigurationdoValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials...
Jenkins JX Resources Plugin missing permission check
Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...
Jenkins JX Resources Plugin cross-site request forgery vulnerability
Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...
GHSA-QWW5-P626-RFPF Jenkins JX Resources Plugin cross-site request forgery vulnerability
Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...
GHSA-XQQR-MQ8X-22QX Jenkins JX Resources Plugin missing permission check
Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...
CloudBees Jenkins JX Resources Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . JX Resources Plugin is used in one of the...
CVE-2019-10339
A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfigurationdoValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials...
CVE-2019-10338
A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfigurationdoValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials...
CVE-2019-10339
The CVE-2019-10339 issue affects Jenkins JX Resources Plugin (versions ≤1.0.36). A missing permission check in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read to connect to an attacker-specified Kubernetes server, potentially leaking credentials and exposing environment...
CVE-2019-10338
The CVE-2019-10338 issue affects Jenkins JX Resources Plugin (versions 1.0.36 and earlier). The root cause is a lack of permission checks in a form-validation method (GlobalPluginConfiguration#doValidateClient), enabling a user with Jenkins access to cause Jenkins to connect to an attacker-specif...
PT-2019-11737 · Jenkins · Jenkins Jx Resources Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JX Resources Plugin versions 1.0.36 and earlier Description: A cross-site request forgery issue allows attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. The vulnerability is...