Lucene search

13 matches found

OSV
added 2022/05/24 4:50 p.m. | 14 views

GHSA-76W6-M7VV-7HHW Missing permission check in Jenkins Docker Plugin

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

CVSS 6.5 | AI score 6.3 | EPSS 0.00167
Exploits: 0 | References: 5
Github Security Blog
added 2022/05/24 4:43 p.m. | 16 views

Jenkins GitLab Plugin Cross-Site Request Forgery vulnerability

Jenkins GitLab Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

CVSS 8 | AI score 6.2 | EPSS 0.00084
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2022/03/15 12:00 a.m. | 2 views

Jenkins Kubernetes Continuous Deploy Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited by an attacker with Overall/Read privilege...

CVSS 6.5 | AI score 5.6 | EPSS 0.00065
Exploits: 0 | References: 7
Github Security Blog
added 2022/01/13 12:00 a.m. | 21 views

CSRF vulnerability in Jenkins batch task Plugin

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task...

CVSS 5.8 | AI score 4.5 | EPSS 0.00758
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2022/01/13 12:00 a.m. | 22 views

GHSA-MH8G-8JWP-Q6XW CSRF vulnerability in Jenkins batch task Plugin

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task...

CVSS 5.4 | AI score 6 | EPSS 0.00758
Exploits: 0 | References: 5
Prion
added 2022/01/12 8:15 p.m. | 12 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task...

CVSS 5.8 | AI score 5.6 | EPSS 0.00758
Exploits: 0 | References: 2 | Affected Software: 1
Microsoft CVE
added 2020/09/25 12:00 a.m. | 4 views

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

...

CVSS 6.4 | AI score 7 | EPSS 0.00039
Exploits: 0
Cvelist
added 2020/08/12 1:25 p.m. | 12 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...

AI score 6.3 | EPSS 0.00048
Exploits: 0 | References: 2
Cvelist
added 2020/02/12 2:35 p.m. | 13 views

CVE-2020-2118

A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...

AI score 4.5 | EPSS 0.00031
Exploits: 0 | References: 2
NVD
added 2019/07/31 1:15 p.m. | 11 views

CVE-2019-10344

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...

CVSS 4.3 | AI score 4.5 | EPSS 0.00031
Exploits: 0 | References: 2
NVD
added 2019/01/09 11:29 p.m. | 12 views

CVE-2018-1000412

An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

CVSS 8.8 | AI score 8.6 | EPSS 0.00096
Exploits: 0 | References: 2
NVD
added 2018/06/05 8:29 p.m. | 20 views

CVE-2018-1000182

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...

CVSS 6.4 | AI score 6.3 | EPSS 0.00039
Exploits: 0 | References: 1
Prion
added 2018/06/05 8:29 p.m. | 20 views

Server side request forgery (ssrf)

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...

CVSS 5.5 | AI score 6.2 | EPSS 0.00039
Exploits: 0 | References: 1 | Affected Software: 1