Lucene search
+L

36 matches found

RedHat Linux
RedHat Linux
added 2021/07/27 10:36 p.m.3 views

jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin

A flaw was found in Jenkins Matrix Authorization Strategy Plugin. The jenkins plugin does not correctly perform permission checks, as consequences this allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. The highest...

6.5CVSS5.8AI score0.01011EPSS
Exploits0References5
CNVD
CNVD
added 2021/03/19 12:0 a.m.30 views

Jenkins Matrix Authorization Strategy Access Control Error Vulnerability

Jenkins Matrix Authorization Strategy is a Jenkins open source application plugin . The plug-in in Jenkins to achieve fine-grained access control . An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...

6.5CVSS6.4AI score0.01011EPSS
Exploits0References1
NVD
NVD
added 2021/03/18 2:15 p.m.40 views

CVE-2021-21623

An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders...

6.5CVSS0.01011EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/03/18 1:35 p.m.41 views

CVE-2021-21623

An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders...

6.8AI score0.01011EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.19 views

Jenkins Matrix Authorization Strategy 安全漏洞

Jenkins Matrix Authorization Strategy is a Jenkins open source application plugin . The plug-in in Jenkins to achieve fine-grained access control . An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...

6.5CVSS5.7AI score0.01011EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2021/03/18 12:0 a.m.5 views

PT-2021-14666 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Authorization Strategy Plugin versions 2.6.5 and earlier Description: The issue arises from an incorrect permission check, allowing attackers with Item/Read permission on nested items to access them even if they lack Item/Read...

6.5CVSS6.2AI score0.01011EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2020/10/20 3:52 p.m.5 views

jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin

A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...

5.4CVSS6.9AI score0.00919EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/27 10:15 a.m.9 views

jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin

A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...

5.4CVSS6.9AI score0.00919EPSS
Exploits0References4
Veracode
Veracode
added 2020/08/19 2:50 a.m.25 views

Cross-site Scripting (XSS)

jenkins-2-plugins/matrix-auth is vulnerable to cross-site scripting XSS. The vulnerability exists in the Matrix Authorization Strategy Plugin...

5.4CVSS1.9AI score0.00919EPSS
Exploits0References4Affected Software12
RedHat Linux
RedHat Linux
added 2020/08/18 5:4 a.m.5 views

jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin

A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...

5.4CVSS6.9AI score0.00919EPSS
Exploits0References4
CNVD
CNVD
added 2020/07/20 12:0 a.m.5 views

CloudBees Jenkins Matrix Authorization Strategy Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

5.4CVSS6.5AI score0.00919EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/07/15 9:7 p.m.26 views

CVE-2020-2226

A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...

3.5CVSS1.8AI score0.00919EPSS
Exploits0References3
OSV
OSV
added 2020/07/15 6:15 p.m.20 views

CVE-2020-2226

Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability...

5.4CVSS5.7AI score
Exploits0References2
Prion
Prion
added 2020/07/15 6:15 p.m.16 views

Cross site scripting

Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability...

3.5CVSS5.6AI score0.00919EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/07/15 5:0 p.m.142 views

CVE-2020-2226

The CVE-2020-2226 issue affects Jenkins Matrix Authorization Strategy Plugin, version 2.6.1 and earlier, where user names shown in the configuration were not escaped, enabling a stored cross-site scripting (XSS) vulnerability. The vulnerability can be exploited by users with Job/Configure or Agen...

5.4CVSS5AI score0.00919EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/07/15 12:0 a.m.5 views

PT-2020-15442 · Jenkins · Jenkins Matrix Authorization Strategy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Authorization Strategy Plugin versions 2.6.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because user names shown in the configuration or permission table are not...

8CVSS5.3AI score0.00919EPSS
Exploits0References8
Rows per page
Query Builder