21 matches found
EUVD-2026-8656
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub Backstage. The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This...
CVE-2026-3118
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub Backstage. The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This...
CVE-2026-3118
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub Backstage. The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This...
CVE-2026-3118 Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub Backstage. The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This...
CVE-2026-3118 Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub Backstage. The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This...
CVE-2026-3118
The CVE covers CVE-2026-3118 affecting the Orchestrator Plugin in Red Hat Developer Hub (Backstage). The root cause is insufficient input validation in GraphQL query handling, allowing an authenticated user to inject crafted input that disrupts backend query processing and triggers a platform-wid...
CVE-2026-3118
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub Backstage. The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This...
PT-2026-21899
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub Backstage. The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This...
GHSA-35R9-GFQF-R6CW Missing permission check in Jenkins vRealize Orchestrator Plugin
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...
Jenkins vRealize Orchestrator Plugin授权问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins vRealize Orchestrator Plugin 3.0...
CVE-2022-34211
A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...
CVE-2022-34211
A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...
Design/Logic Flaw
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...
CVE-2022-34212
CVE-2022-34212 : Jenkins vRealize Orchestrator Plugin 3.0 and earlier has a missing permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send a POST request to an attacker-specified URL. The issue is part of a broader set of Jenkins plugin vulnerabilities repor...
CVE-2022-34212
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...
CVE-2022-34211
CVE-2022-34211 describes a CSRF in the Jenkins vRealize Orchestrator Plugin (versions 3.0 and earlier) where an attacker can induce the plugin’s HTTP endpoint to perform a POST to a URL of the attacker’s choosing. The root cause is a lack of permission checks on the vulnerable HTTP endpoint, enab...
CVE-2022-34211
A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...
CVE-2022-34211
A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...
PT-2022-22082 · Vmware +1 · Jenkins Vrealize Orchestrator Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins vRealize Orchestrator Plugin versions 3.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to send an HTTP POST request to an attacker-specified URL. This issue enables attackers to perform...