5 matches found
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....
GHSA-JR86-6J4J-MV45 Jenkins Assembla merge request builder Plugin missing authentication to access endpoint
Jenkins Assembla merge request builder Plugin provides a webhook endpoint at /assembla-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Assembla merge request builder Plugin 1.1.13 and earlier, this endpoint can be accessed without authentication...
Jenkins Assembla merge request builder Plugin missing authentication to access endpoint
Jenkins Assembla merge request builder Plugin provides a webhook endpoint at /assembla-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Assembla merge request builder Plugin 1.1.13 and earlier, this endpoint can be accessed without authentication...
Design/Logic Flaw
A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...
CVE-2023-30521
The CVE-2023-30521 entry is supported by multiple connected documents confirming a vulnerability in the Jenkins Assembla merge request builder Plugin (versions 1.1.13 and earlier). The underlying issue is a missing permission check that allows unauthenticated attackers to trigger builds of jobs t...