39 matches found
CVE-2023-24432
A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24431
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-24431
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Information disclosure
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Jenkins Plugin MacStadium 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin MacStadium 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin MacStadium 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-24432
A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24432
CVE-2023-24432 affects Jenkins Orka by MacStadium Plugin versions ≤ 1.31. The vulnerability arises from missing permission checks on several HTTP endpoints and CSRF-like behavior, enabling attackers with Overall/Read permission to connect to an attacker‑specified HTTP server using attacker‑specif...
PT-2023-19591 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.31 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Recommendations: Fo...
CVE-2023-24433
The CVE-2023-24433 entry concerns the Orka by MacStadium Jenkins plugin (versions 1.31 and earlier). The root cause is missing permission checks across several HTTP endpoints, enabling attackers with Overall/Read permission to (a) enumerate credentials IDs stored in Jenkins and (b) connect to an ...
CVE-2023-24431
CVE-2023-24431 affects the Jenkins Orka by MacStadium Plugin (versions 1.31 and earlier). The issue is a missing permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. This can facilitate credential exposure and ...
CVE-2023-24431
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
PT-2023-19593 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.31 and earlier Description: The issue is related to missing permission checks, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specifi...
CVE-2023-24431
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...