PT-2023-27394 · Jenkins · Jenkins Folders Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to copy folders, potentially leading to the automatic approval of unsandboxed scripts and the...
PT-2023-26813 · Jenkins · Jenkins Bazaar Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Bazaar Plugin versions 1.22 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to delete previously created Bazaar SCM tags. This issue arises because the plugin does not require POST requests fo...
PT-2022-18836 · Jenkins · Jenkins RocketChat Notifier Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.4.10 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials. This issue arises becau...
PT-2021-14676 · Jenkins · Jenkins OWASP Dependency-Track Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins OWASP Dependency-Track Plugin versions 3.1.0 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. The issue arises...
SUSE SLED12 / SLES12 Security Update : ctags (SUSE-SU-2016:2097-1)
This update for ctags fixes the following issues:
- CVE-2014-7204: Potential denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. (bsc#899486)
- Missing Requires(post) on coreutils as it is using rm(1). (bsc#976920)
Note that Tenable Network Security has extracted th...