Lucene search
K

10 matches found

OSV
OSV
added 2022/05/24 4:47 p.m.14 views

GHSA-76X4-HR82-CG3M Jenkins ElectricFlow Plugin cross-site request forgery vulnerability

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

4.3CVSS4.4AI score0.01058EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.24 views

Jenkins ElectricFlow Plugin cross-site request forgery vulnerability

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

4.3CVSS6.7AI score0.01058EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.25 views

Jenkins ElectricFlow Plugin missing permission check

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

4.3CVSS6.7AI score0.01829EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.21 views

Jenkins JX Resources Plugin missing permission check

Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...

8.8CVSS6.3AI score0.01832EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/24 4:43 p.m.18 views

GHSA-J365-62PX-VJJV Jenkins GitLab Plugin Cross-Site Request Forgery vulnerability

Jenkins GitLab Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

8CVSS7.5AI score0.01355EPSS
Exploits0References4
OSV
OSV
added 2022/05/14 3:13 a.m.20 views

GHSA-92RV-MVMJ-47QH Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

4.2CVSS6.4AI score0.00988EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 3:13 a.m.22 views

Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

6.5CVSS2.7AI score0.00988EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:9 a.m.23 views

Jenkins Black Duck Detect Plugin information exposure vulnerability

Jenkins Black Duck Detect Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credential...

6.5CVSS6.7AI score0.00988EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/14 1:9 a.m.19 views

GHSA-6W3H-VQ7M-V3QF Jenkins Black Duck Detect Plugin information exposure vulnerability

Jenkins Black Duck Detect Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credential...

6.5CVSS6.4AI score0.00988EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/18 12:0 a.m.8 views

PT-2019-11702 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.11 and earlier Description: A cross-site request forgery issue exists due to insufficient permission checks and form validation in the GitLabConnectionConfigdoTestConnection method. This allows attackers to...

8CVSS7.4AI score0.01355EPSS
Exploits0References7
Rows per page
Query Builder