35 matches found
CVE-2019-10292
A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...
Input validation
A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...
Design/Logic Flaw
Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10292
CVE-2019-10292 describes a cross-site request forgery in the Jenkins Kmap Plugin, specifically in the KmapJenkinsBuilder.DescriptorImpl form validation methods. The vulnerability allows an unauthenticated or insufficiently authenticated attacker to trigger requests that cause the Jenkins server t...
CVE-2019-10293
CVE-2019-10293 affects the Jenkins Kmap Plugin. The vulnerability is a missing permission check in KmapJenkinsBuilder.DescriptorImpl form validation that allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server (SSRF-like behavior). Affected product/c...
CVE-2019-10292
A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-10293
A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10294
CVE-2019-10294 concerns the Jenkins Kmap Plugin, where credentials are stored unencrypted in job config.xml files on the Jenkins master. The underlying issue enables exposure to users with Extended Read permission or with access to the master filesystem. The initial entry and multiple connected a...
CVE-2019-10292
A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-10293
A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10294
Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10294
Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-11695 · Jenkins · Jenkins Kmap Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: A missing permission check in the KmapJenkinsBuilder.DescriptorImpl form validation methods of the Jenkins Kmap Plugin allows attackers with Overall/Read permission to initiate ...
PT-2019-11696 · Jenkins · Jenkins Kmap Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. Users with Extended Read permission or access to the...