Lucene search
+L

27 matches found

CVE
CVE
added 2019/08/07 2:20 p.m.49 views

CVE-2019-10375

The CVE-2019-10375 issue affects the Jenkins File System SCM Plugin (versions 2.1 and earlier). If an attacker can configure jobs in Jenkins, they can read arbitrary files from the Jenkins master, due to an arbitrary file read vulnerability in the plugin. Remediation, where stated, is to upgrade ...

6.5CVSS6.3AI score0.0101EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/10/05 1:29 a.m.15 views

CVE-2017-1000093

Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...

8.8CVSS8.6AI score0.00678EPSS
Exploits0References1
OSV
OSV
added 2017/10/05 1:29 a.m.8 views

CVE-2017-1000093

Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...

8.8CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2017/10/05 1:29 a.m.11 views

Cross site request forgery (csrf)

Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...

6.8CVSS8.5AI score0.00678EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/10/04 1:0 a.m.62 views

CVE-2017-1000093

Summary: CVE-2017-1000093 pertains to the Jenkins Poll SCM Plugin, which failed to require API requests to be sent via POST, exposing it to Cross-Site Request Forgery attacks. This could allow an attacker to initiate polling of projects with a known name. The issue undermines the plugin’s permiss...

8.8CVSS8.5AI score0.00678EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/10/04 1:0 a.m.21 views

CVE-2017-1000093

Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...

8.6AI score0.00678EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/04/14 6:0 p.m.33 views

CVE-2016-6299

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...

7.4AI score0.01729EPSS
Exploits1References6
Rows per page
Query Builder