GHSA-998M-F2X3-JJQ4 CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
Jenkins Config File Provider Plugin 3.7.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID. This is due to an...
PT-2020-15297 · Jenkins · Jenkins Amazon Ec2 Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.47 and earlier Description: A missing permission check in the Jenkins Amazon EC2 Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using...
PT-2019-11737 · Jenkins · Jenkins Jx Resources Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JX Resources Plugin versions 1.0.36 and earlier Description: A cross-site request forgery issue allows attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. The vulnerability is...
PT-2019-11333 · Jenkins · Jenkins Slack Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Slack Notification Plugin versions 2.19 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs,...