Lucene search
+L

34 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.8 views

CVE-2023-50768

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.7AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.4 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS6.7AI score0.00485EPSS
Exploits0References1
OSV
OSV
added 2023/12/13 6:31 p.m.50 views

GHSA-9VRM-747R-668V Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...

7.1CVSS5.8AI score0.0044EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/12/13 6:31 p.m.27 views

Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

4.3CVSS6.6AI score0.00485EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/13 6:31 p.m.25 views

Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...

5.4CVSS6.8AI score0.0044EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/13 6:31 p.m.26 views

Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/12/13 6:31 p.m.33 views

GHSA-PHJQ-7XQP-2526 Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

4.2CVSS8.7AI score0.00447EPSS
Exploits0References6
OSV
OSV
added 2023/12/13 6:31 p.m.33 views

GHSA-4G5F-W3MH-W99M Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

4.2CVSS4.9AI score0.00485EPSS
Exploits0References6
NVD
NVD
added 2023/12/13 6:15 p.m.32 views

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...

5.4CVSS0.0044EPSS
Exploits0References2
NVD
NVD
added 2023/12/13 6:15 p.m.32 views

CVE-2023-50768

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS0.00447EPSS
Exploits0References2
OSV
OSV
added 2023/12/13 6:15 p.m.25 views

CVE-2023-50768

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS8.7AI score
Exploits0References2
OSV
OSV
added 2023/12/13 6:15 p.m.16 views

CVE-2023-50766

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

8.8CVSS8.7AI score
Exploits0References2
NVD
NVD
added 2023/12/13 6:15 p.m.29 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS0.00485EPSS
Exploits0References2
OSV
OSV
added 2023/12/13 6:15 p.m.24 views

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...

5.4CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2023/12/13 6:15 p.m.23 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.6AI score
Exploits0References2
Prion
Prion
added 2023/12/13 6:15 p.m.20 views

Design/Logic Flaw

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS6.7AI score0.00485EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/12/13 6:15 p.m.22 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8CVSS6.8AI score0.00447EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/12/13 5:30 p.m.67 views

CVE-2023-50768

CVE-2023-50768 concerns a CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier. The issue allows an attacker to cause Jenkins to connect to an attacker-controlled HTTP server using attacker-specified credentials IDs (obtained through another method), which can result in crede...

8.8CVSS8.6AI score0.00447EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/13 5:30 p.m.11 views

CVE-2023-50768

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8AI score0.00447EPSS
Exploits0References2
CVE
CVE
added 2023/12/13 5:30 p.m.55 views

CVE-2023-50769

CVE-2023-50769 affects Jenkins Nexus Platform Plugin 3.18.0-03 and earlier. Missing permission checks let users with Overall/Read connect to an attacker‑specified HTTP server using attacker‑specified credentials IDs, potentially capturing credentials stored in Jenkins. Red Hat and broader advisor...

4.3CVSS4.4AI score0.00485EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder