Lucene search
K

39 matches found

NVD
NVD
added 2023/01/26 9:18 p.m.31 views

CVE-2023-24432

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS8.7AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 9:18 p.m.36 views

CVE-2023-24433

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.4AI score0.00769EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 9:18 p.m.19 views

CVE-2023-24431

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.5AI score0.00619EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.4 views

CVE-2023-24431

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00619EPSS
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.13 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8CVSS8.7AI score0.00515EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/26 9:18 p.m.15 views

Design/Logic Flaw

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS6.3AI score0.00769EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/26 9:18 p.m.21 views

Information disclosure

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4CVSS4.4AI score0.00619EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.5 views

Jenkins Plugin MacStadium 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00769EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.6 views

Jenkins Plugin MacStadium 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.8CVSS7.8AI score0.00515EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.5 views

Jenkins Plugin MacStadium 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00619EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.32 views

CVE-2023-24432

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.9AI score0.00515EPSS
Exploits0References1
CVE
CVE
added 2023/01/24 12:0 a.m.77 views

CVE-2023-24432

CVE-2023-24432 affects Jenkins Orka by MacStadium Plugin versions ≤ 1.31. The vulnerability arises from missing permission checks on several HTTP endpoints and CSRF-like behavior, enabling attackers with Overall/Read permission to connect to an attacker‑specified HTTP server using attacker‑specif...

8.8CVSS8.6AI score0.00515EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.5 views

PT-2023-19591 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.31 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Recommendations: Fo...

4.3CVSS4.3AI score0.00619EPSS
Exploits0References4
CVE
CVE
added 2023/01/24 12:0 a.m.79 views

CVE-2023-24433

The CVE-2023-24433 entry concerns the Orka by MacStadium Jenkins plugin (versions 1.31 and earlier). The root cause is missing permission checks across several HTTP endpoints, enabling attackers with Overall/Read permission to (a) enumerate credentials IDs stored in Jenkins and (b) connect to an ...

6.5CVSS6.3AI score0.00769EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/24 12:0 a.m.78 views

CVE-2023-24431

CVE-2023-24431 affects the Jenkins Orka by MacStadium Plugin (versions 1.31 and earlier). The issue is a missing permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. This can facilitate credential exposure and ...

4.3CVSS4.4AI score0.00619EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.10 views

CVE-2023-24431

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

6.7AI score0.00619EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.5 views

PT-2023-19593 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.31 and earlier Description: The issue is related to missing permission checks, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specifi...

6.5CVSS6.2AI score0.00769EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.32 views

CVE-2023-24431

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.8AI score0.00619EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.34 views

CVE-2023-24433

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5AI score0.00769EPSS
Exploits0References1
Rows per page
Query Builder