15 matches found
Cross-site Request Forgery
Jenkins Nexus Task Runner Plugin is vulnerable to a Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protection on sensitive plugin endpoints, where crafted requests can trigger actions without user interaction, allowing attackers to force an authenticated Jenkins user to...
Authorization Bypass
Jenkins Nexus Task Runner Plugin is vulnerable to an Authorization Bypass. The vulnerability is due to a missing permission check, allowing attackers with only Overall/Read permission to force the plugin to connect to an attacker-controlled URL using attacker-supplied credentials, potentially...
CVE-2025-64142
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
Cross-site Request Forgery (CSRF)
Overview org.jenkins-ci.plugins:nexus-task-runner is a This plugin executes Sonatype Nexus scheduled tasks after your build. For example, if you want to refresh your Nexus's repositories index after building your project, you can use execute a Nexus task whose type is "Publish index" using this...
EUVD-2025-36656
Jenkins Nexus Task Runner Plugin is missing a permission check...
GHSA-X2PV-FPH3-PHFX Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery
Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...
CVE-2025-64142
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-64141
A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-64142
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-64142
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-64142
CVE-2025-64142 affects Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Root cause per multiple sources: a missing permission check in the plugin’s HTTP endpoint allows an attacker with Overall/Read permission to cause the controller to connect to an attacker‑specified URL using attac...
CVE-2025-64141
A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-64141
A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-64141
CVE-2025-64141 describes a CSRF vulnerability in Jenkins Nexus Task Runner Plugin, affecting versions 0.9.2 and earlier. An attacker can cause the controller to connect to an attacker‑specified URL using attacker‑specified credentials via an HTTP endpoint (CSRF). Exploitation details are not prov...
Jenkins plugin Nexus Task Runner 安全漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...