Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.26 views

Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin

Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability is onl...

5.3CVSS5.8AI score0.00666EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.39 views

Jenkins WildFly Deployer Plugin vulnerable to path traversal

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide...

5.3CVSS6.4AI score0.00578EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:16 p.m.26 views

Stored XSS vulnerability in Jenkins Git Plugin

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted commit notifications to th...

6.1CVSS5.8AI score0.01197EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/16 12:0 a.m.29 views

Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity XXE attacks, which is only a problem if XML documents are parsed on the Jenkins controller...

6.5CVSS3.4AI score0.01314EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/02/16 12:1 a.m.21 views

GHSA-2587-W93G-63M2 Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Thi...

5.3CVSS6.6AI score0.00809EPSS
Exploits0References5
Rows per page
Query Builder