35 matches found
The vulnerability of the mobile plugin for data processing in Atlassian Jira Service Management Server and Data Center allows a perpetrator to execute an SSRF attack.
The vulnerability of the mobile plugin for data center processing in tlassian Jira Service Management Server and Data Center is related to insufficient testing of requests on the server side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...
CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...
CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...
CVE-2022-26135
CVE-2022-26135 affects Atlassian Jira Server/Data Center and Jira Service Management (Mobile Plugin for Jira) with a server-side request forgery (SSRF) via the batch endpoint. A remote, authenticated user (including sign-up users) can read server-side resources. Affected Jira Server/Data Center v...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira. A authenticated malicious person could exploit the vulnerability to execute a server-side request-forgery attack. This enables the malicious party to gain access to sensitive data or information about the system. The vulnerability is located in a plug-...
CVE-2022-34201
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Full Read SSRF in Mobile Plugin CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Jira Management Server and Data Center versions from versi...
Full Read SSRF in Mobile Plugin CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...
Jenkins Perfecto Mobile Plugin stores credentials in plain text
Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CloudBees Jenkins Perfecto Mobile Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Perfecto Mobile Plugin is used in one of the mobile...
Design/Logic Flaw
Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003095
CVE-2019-1003095 affects the Jenkins Perfecto Mobile Plugin, where credentials are stored in plaintext in the plugin’s global configuration file on the Jenkins master and can be viewed by users with master-file-system access. This creates a confidentiality risk per cited sources. The connected do...
CVE-2019-1003095
Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
WordPress Mobile Pack <= 2.1.2 - Information Disclosure
The WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps WordPress plugin was affected by an Information Disclosure security vulnerability...