27 matches found
CVE-2022-29051
Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials...
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.10 / 2.332.2.6 Multiple Vulnerabilities (CloudBees Security Advisory 2022-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.10, or 2.x prior to 2.332.2.6. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Pipeline: Shared Groovy Libraries Plugin...
Jenkins 跨站请求伪造漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.The Jenkins Publish Over FTP Plugin is vulnerable to cross-site request forgery, which can be exploited by an attacker to...
Jenkins Publish Over FTP Plugin 访问控制错误漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Publish Over FTP Plugin 1.16 an...
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...
GHSA-FJPM-HF7C-XGC2 Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...
Password stored in plain text by Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
GHSA-J8RG-4HJM-8R95 Path traversal vulnerability in Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...
CVE-2022-23111
A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...
CVE-2022-23112
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-23113
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...
CVE-2022-23114
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Cross site scripting
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...
Design/Logic Flaw
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-23114
CVE-2022-23114 affects Jenkins Publish Over SSH Plugin 1.22 and earlier. The vulnerability is that passwords are stored unencrypted in the plugin’s global configuration file on the Jenkins controller, exposing credentials to users with filesystem access to the controller. The Red Hat advisory and...
CVE-2022-23112
CVE-2022-23112 concerns Jenkins Publish Over SSH Plugin, versions 1.22 and earlier. The root cause is a missing permission check that allows users with Overall/Read access to cause the controller to connect to an attacker‑specified SSH server using attacker‑supplied credentials. This enables pote...
CVE-2022-23111
A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-23110
CVE-2022-23110 concerns Jenkins Publish Over SSH Plugin 1.22 and earlier, which does not escape the SSH server name, leading to a stored XSS vulnerability. Exploitation requires attacker to have Overall/Administer permission. The provided documents identify the affected plugin/version and the XSS...
Jenkins Plugin 安全漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Publish Over SSH Plugin in 1.22 and earlier versions of the authorization problem vulnerability , the...