4 matches found
PT-2023-31283 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.22 and earlier Description: A cross-site request forgery CSRF vulnerability exists due to the lack of permission checks in a connection test HTTP endpoint, allowing attackers with...
PT-2023-6024 · Jenkins · Jenkins Fortify Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored i...
PT-2022-17134 · Jenkins · Jenkins Autonomiq Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins autonomiq Plugin versions 1.15 and earlier Description: A cross-site request forgery CSRF vulnerability exists due to the lack of permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to ...
PT-2019-11802 · Jenkins · Jenkins Project Inheritance Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin version 2.0.0 and earlier Description: A cross-site request forgery issue exists due to a missing permission check in an HTTP endpoint that triggers project creation from templates. This allowed users with...