Lucene search
K

35 matches found

BDU FSTEC
BDU FSTEC
added 2023/03/07 12:0 a.m.6 views

The vulnerability of the mobile plugin for data processing in Atlassian Jira Service Management Server and Data Center allows a perpetrator to execute an SSRF attack.

The vulnerability of the mobile plugin for data center processing in tlassian Jira Service Management Server and Data Center is related to insufficient testing of requests on the server side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

6.5CVSS5.6AI score0.00544EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2022/06/30 6:15 a.m.24 views

CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...

6.5CVSS0.71169EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/06/30 5:20 a.m.34 views

CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...

6.6AI score0.71169EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/06/30 5:20 a.m.33 views

CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...

6.4AI score0.71169EPSS
Exploits1References3
CVE
CVE
added 2022/06/30 5:20 a.m.160 views

CVE-2022-26135

CVE-2022-26135 affects Atlassian Jira Server/Data Center and Jira Service Management (Mobile Plugin for Jira) with a server-side request forgery (SSRF) via the batch endpoint. A remote, authenticated user (including sign-up users) can read server-side resources. Affected Jira Server/Data Center v...

6.5CVSS6.2AI score0.71169EPSS
Exploits1References3Affected Software4
NCSC
NCSC
added 2022/06/30 12:0 a.m.4 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in Jira. A authenticated malicious person could exploit the vulnerability to execute a server-side request-forgery attack. This enables the malicious party to gain access to sensitive data or information about the system. The vulnerability is located in a plug-...

6.5CVSS6.8AI score0.71169EPSS
Exploits1
OSV
OSV
added 2022/06/23 5:15 p.m.2 views

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.5CVSS6.4AI score0.00574EPSS
Exploits0References1
Atlassian
Atlassian
added 2022/06/22 4:5 p.m.66 views

Full Read SSRF in Mobile Plugin CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Jira Management Server and Data Center versions from versi...

6.5CVSS4.8AI score0.71169EPSS
Exploits1
Atlassian
Atlassian
added 2022/05/27 8:29 p.m.66 views

Full Read SSRF in Mobile Plugin CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...

6.5CVSS6.5AI score0.71169EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/05/13 1:17 a.m.18 views

Jenkins Perfecto Mobile Plugin stores credentials in plain text

Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

6.5CVSS6.7AI score0.01186EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2019/08/23 12:0 a.m.3 views

CloudBees Jenkins Perfecto Mobile Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Perfecto Mobile Plugin is used in one of the mobile...

6.5CVSS6.9AI score0.01186EPSS
Exploits0References1
Prion
Prion
added 2019/04/04 4:29 p.m.15 views

Design/Logic Flaw

Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

4CVSS6.4AI score0.01186EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/04/04 3:38 p.m.57 views

CVE-2019-1003095

CVE-2019-1003095 affects the Jenkins Perfecto Mobile Plugin, where credentials are stored in plaintext in the plugin’s global configuration file on the Jenkins master and can be viewed by users with master-file-system access. This creates a confidentiality risk per cited sources. The connected do...

6.5CVSS6.3AI score0.01186EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/04/04 3:38 p.m.40 views

CVE-2019-1003095

Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

6.4AI score0.01186EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2015/07/18 12:0 a.m.16 views

WordPress Mobile Pack <= 2.1.2 - Information Disclosure

The WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps WordPress plugin was affected by an Information Disclosure security vulnerability...

5CVSS1.1AI score0.03195EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder