27 matches found
CVE-2019-10375
The CVE-2019-10375 issue affects the Jenkins File System SCM Plugin (versions 2.1 and earlier). If an attacker can configure jobs in Jenkins, they can read arbitrary files from the Jenkins master, due to an arbitrary file read vulnerability in the plugin. Remediation, where stated, is to upgrade ...
CVE-2017-1000093
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...
CVE-2017-1000093
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...
Cross site request forgery (csrf)
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...
CVE-2017-1000093
Summary: CVE-2017-1000093 pertains to the Jenkins Poll SCM Plugin, which failed to require API requests to be sent via POST, exposing it to Cross-Site Request Forgery attacks. This could allow an attacker to initiate polling of projects with a known name. The issue undermines the plugin’s permiss...
CVE-2017-1000093
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...
CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...