10 matches found
WordPress Plugin WP SMS Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-28135
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
Jenkins instant-messaging Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...
PT-2022-18833 · Jenkins · Jenkins Instant-Messaging Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins instant-messaging Plugin versions 1.41 and earlier Description: The issue allows passwords for group chats to be stored unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins...
Age Gate < 2.16.4 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape the 'Additional content' setting of its 'Messaging' page, which could allow users having access to such setting (by default admin, but the plugin has a feature to change this and allow access to lower privileged users) to perform Cross-Site Scripting attacks...
CloudBees Jenkins JMS Messaging Plugin Server Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. JMS Messaging Plugin is used in one of the...
CVE-2019-1003028
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint...
CVE-2019-1003028
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint...
CVE-2019-1003028
The provided connected documents confirm a server-side request forgery (SSRF) in Jenkins JMS Messaging Plugin up to version 1.1.1, caused by issues in SSLCertificateAuthenticationMethod.java and UsernameAuthenticationMethod.java. The vulnerability allows attackers with Overall/Read permission to ...
PT-2019-11325 · Jenkins · Jenkins Jms Messaging Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JMS Messaging Plugin versions 1.1.1 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. This is due to vulnerabilities in th...