10 matches found
GHSA-76X4-HR82-CG3M Jenkins ElectricFlow Plugin cross-site request forgery vulnerability
A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...
Jenkins ElectricFlow Plugin cross-site request forgery vulnerability
A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...
Jenkins ElectricFlow Plugin missing permission check
A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...
Jenkins JX Resources Plugin missing permission check
Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...
GHSA-J365-62PX-VJJV Jenkins GitLab Plugin Cross-Site Request Forgery vulnerability
Jenkins GitLab Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
GHSA-92RV-MVMJ-47QH Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
Jenkins Black Duck Detect Plugin information exposure vulnerability
Jenkins Black Duck Detect Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credential...
GHSA-6W3H-VQ7M-V3QF Jenkins Black Duck Detect Plugin information exposure vulnerability
Jenkins Black Duck Detect Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credential...
PT-2019-11702 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.11 and earlier Description: A cross-site request forgery issue exists due to insufficient permission checks and form validation in the GitLabConnectionConfigdoTestConnection method. This allows attackers to...