24 matches found
UBUNTU-CVE-2026-45989
In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrvprobe The function testdrvprobe retrieves the devicenode from the PCI device, applies an overlay, and then immediately calls ofnodeputdn. This releases the reference held by the PCI core...
EUVD-2020-21854
Malware in sbrugna...
CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28152
A cross-site request forgery CSRF vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job...
Jenkins Job and Node ownership Plugin跨站请求伪造漏洞(CNVD-2022-54921)
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Job and Node ownership Plugin...
Jenkins Job and Node ownership Plugin跨站请求伪造漏洞
Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Job and Node ownership Plugin 0.13.0 and earlier versions are vulnerable to cross-site request forgery, which can be exploited by...
Missing permission check in Jenkins Job and Node ownership Plugin
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
GHSA-85F9-W9CX-H363 Cross site request forgery in Jenkins Job and Node ownership Plugin
Job and Node ownership Plugin 0.13.0 and earlier does not perform a permission check in several HTTP endpoints. This allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. Additionally, this endpoint does not require POST requests, resulting in a...
Cross site request forgery in Jenkins Job and Node ownership Plugin
Job and Node ownership Plugin 0.13.0 and earlier does not perform a permission check in several HTTP endpoints. This allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. Additionally, this endpoint does not require POST requests, resulting in a...
GHSA-25F2-WGXJ-PH29 Missing permission check in Jenkins Job and Node ownership Plugin
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
Design/Logic Flaw
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
Cross site scripting
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28152
The CVE-2022-28152 entry concerns a CSRF vulnerability in Jenkins Job and Node ownership Plugin (versions 0.13.0 and earlier) that allows an attacker to restore the default ownership of a job. This is documented across multiple sources (OSV, CNVD/CNNVD, CVE listings) confirming the affected compo...
CVE-2022-28151
CVE-2022-28151 : A missing permission check in the Jenkins Job and Node ownership Plugin (0.13.0 and earlier) allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. This is caused by unsafely bypassed authorization checks across multiple HTTP endpo...
CVE-2022-28149
CVE-2022-28149 affects Jenkins “Job and Node ownership” Plugin (versions 0.13.0 and earlier). The issue arises because secondary owner names are not escaped, causing stored XSS. Exploitation requires Item/Configure permission to trigger JavaScript execution in the client. No remediation details a...
Jenkins Job and Node ownership Plugin 访问控制错误漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Job and Node ownership Plugin 0.13.0 and earlier versions are vulnerable to an authorization issue that stems from...
Xen oxenstored DoS (XSA-352)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue with oxenstored. A malicious guest administrator can change xenstore node ownership to run another guest out of quota, or create an...