Lucene search
K

35 matches found

NVD
NVD
added 2019/04/04 4:29 p.m.25 views

CVE-2019-10292

A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.3AI score0.01296EPSS
Exploits0References3
Prion
Prion
added 2019/04/04 4:29 p.m.17 views

Input validation

A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

4CVSS6.2AI score0.01486EPSS
Exploits0References3
Prion
Prion
added 2019/04/04 4:29 p.m.16 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...

4.3CVSS6.3AI score0.01296EPSS
Exploits0References3
Prion
Prion
added 2019/04/04 4:29 p.m.12 views

Design/Logic Flaw

Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4CVSS8.6AI score0.01773EPSS
Exploits0References3
CVE
CVE
added 2019/04/04 3:38 p.m.67 views

CVE-2019-10292

CVE-2019-10292 describes a cross-site request forgery in the Jenkins Kmap Plugin, specifically in the KmapJenkinsBuilder.DescriptorImpl form validation methods. The vulnerability allows an unauthenticated or insufficiently authenticated attacker to trigger requests that cause the Jenkins server t...

6.5CVSS6.3AI score0.01296EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/04/04 3:38 p.m.58 views

CVE-2019-10293

CVE-2019-10293 affects the Jenkins Kmap Plugin. The vulnerability is a missing permission check in KmapJenkinsBuilder.DescriptorImpl form validation that allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server (SSRF-like behavior). Affected product/c...

6.5CVSS6.2AI score0.01486EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/04/04 3:38 p.m.32 views

CVE-2019-10292

A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...

6.3AI score0.01296EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/04/04 3:38 p.m.22 views

CVE-2019-10293

A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.3AI score0.01486EPSS
Exploits0References3
CVE
CVE
added 2019/04/04 3:38 p.m.62 views

CVE-2019-10294

CVE-2019-10294 concerns the Jenkins Kmap Plugin, where credentials are stored unencrypted in job config.xml files on the Jenkins master. The underlying issue enables exposure to users with Extended Read permission or with access to the master filesystem. The initial entry and multiple connected a...

8.8CVSS8.6AI score0.01773EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2019/04/04 3:38 p.m.27 views

CVE-2019-10292

A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS4.9AI score0.01296EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2019/04/04 3:38 p.m.29 views

CVE-2019-10293

A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS4.6AI score0.01486EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2019/04/04 3:38 p.m.33 views

CVE-2019-10294

Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS3.4AI score0.01773EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/04/04 3:38 p.m.27 views

CVE-2019-10294

Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.7AI score0.01773EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.6 views

PT-2019-11695 · Jenkins · Jenkins Kmap Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: A missing permission check in the KmapJenkinsBuilder.DescriptorImpl form validation methods of the Jenkins Kmap Plugin allows attackers with Overall/Read permission to initiate ...

6.5CVSS6.2AI score0.01486EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.10 views

PT-2019-11696 · Jenkins · Jenkins Kmap Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. Users with Extended Read permission or access to the...

8.8CVSS8.5AI score0.01773EPSS
Exploits0References5
Rows per page
Query Builder