CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

827 matches found

OSV•added 2023/01/26 9:30 p.m.•3 views

GHSA-CCF4-9HJC-XXC4 Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs

Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credential...

4.3CVSS5.8AI score0.00661EPSS

Exploits0References4

OSV•added 2023/01/26 9:30 p.m.•40 views

GHSA-4X65-4FJX-R7M6 Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

5.5CVSS5.8AI score0.00229EPSS

Exploits0References2

Github Security Blog•added 2023/01/26 9:30 p.m.•29 views

Missing permission checks in Jenkins GitHub Pull Request Builder Plugin

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.9AI score0.00821EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2023/01/26 9:30 p.m.•48 views

Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs

4.3CVSS4.4AI score0.00661EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2023/01/26 9:30 p.m.•46 views

CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS8.7AI score0.00556EPSS

Exploits0References3Affected Software1

NVD•added 2023/01/26 9:18 p.m.•16 views

CVE-2023-24436

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.5AI score0.00661EPSS

Exploits0References1

NVD•added 2023/01/26 9:18 p.m.•22 views

CVE-2023-24434

8.8CVSS8.8AI score0.00556EPSS

Exploits0References1

OSV•added 2023/01/26 9:18 p.m.•14 views

CVE-2023-24434

8.8CVSS8.8AI score

Exploits0References1

Prion•added 2023/01/26 9:18 p.m.•20 views

Cross site request forgery (csrf)

6.8CVSS8.7AI score0.00556EPSS

Exploits0References1Affected Software1

Prion•added 2023/01/26 9:18 p.m.•16 views

Design/Logic Flaw

4CVSS6.3AI score0.00821EPSS

Exploits0References1Affected Software1

CNNVD•added 2023/01/26 12:0 a.m.•16 views

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00821EPSS

Exploits0References4

CNNVD•added 2023/01/26 12:0 a.m.•4 views

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00661EPSS

Exploits0References3

CNNVD•added 2023/01/26 12:0 a.m.•2 views

Jenkins Plugin GitHub Pull Request Coverage Status 安全漏洞

5.5CVSS5.8AI score0.00229EPSS

Exploits0References2

CNNVD•added 2023/01/26 12:0 a.m.•3 views

Jenkins Plugin GitHub Pull Request Builder 跨站请求伪造漏洞

8.8CVSS7.7AI score0.00556EPSS

Exploits0References3

Cvelist•added 2023/01/24 12:0 a.m.•35 views

CVE-2023-24435

6.5AI score0.00821EPSS

Exploits0References1

Positive Technologies•added 2023/01/24 12:0 a.m.•2 views

PT-2023-19594 · Jenkins · Jenkins Github Pull Request Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...

8.8CVSS8.5AI score0.00556EPSS

Exploits0References5

Positive Technologies•added 2023/01/24 12:0 a.m.•2 views

PT-2023-19595 · Jenkins · Jenkins Github Pull Request Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...

6.5CVSS6.2AI score0.00821EPSS

Exploits0References7

Vulnrichment•added 2023/01/24 12:0 a.m.•7 views

CVE-2023-24436

6.7AI score0.00661EPSS

Exploits0References1

Positive Technologies•added 2023/01/24 12:0 a.m.•4 views

PT-2023-19596 · Jenkins · Jenkins Github Pull Request Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A missing permission check in the Jenkins GitHub Pull Request Builder Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of...

4.3CVSS4.2AI score0.00661EPSS

Exploits0References7