Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:51 p.m.10 views

CVE-2022-30949

Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

5.3CVSS6.1AI score0.00958EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:42 a.m.2 views

SUSE CVE-2017-12148

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...

9CVSS9AI score0.01707EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/07/28 12:0 a.m.45 views

Lack of authentication mechanism in Jenkins Git Plugin webhook

Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...

7.5CVSS7.5AI score0.05563EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/28 12:0 a.m.33 views

Lack of authentication mechanism in Jenkins Git Plugin webhook

Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...

5.3CVSS6.1AI score0.00853EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:17 p.m.16 views

RCE vulnerability in SCM Filter Jervis Plugin

SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to configure jobs with the filter, or control the contents of a previously configured...

8.8CVSS8.9AI score0.02282EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:15 p.m.20 views

GHSA-324H-2V7H-Q3XX RCE vulnerability in Jenkins Yaml Axis Plugin

Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to configure a multi-configuration Matrix job, or control the contents of a previously...

8.8CVSS9AI score0.02867EPSS
Exploits0References5
NVD
NVD
added 2022/05/17 3:15 p.m.28 views

CVE-2022-30948

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

7.5CVSS0.01295EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/01/24 6:5 p.m.43 views

CVE-2022-20617

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

8.8CVSS1.9AI score0.02277EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/01/13 12:1 a.m.32 views

OS command execution vulnerability in Jenkins Docker Commons Plugin

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

8.8CVSS8.3AI score0.02277EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2022/01/12 8:15 p.m.19 views

CVE-2022-20617

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

8.8CVSS0.02277EPSS
Exploits0References2
Prion
Prion
added 2022/01/12 8:15 p.m.21 views

Command injection

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

6.5CVSS8.4AI score0.02277EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/12 7:5 p.m.27 views

CVE-2022-20617

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

8.8AI score0.02277EPSS
Exploits0References2
CVE
CVE
added 2019/07/31 12:45 p.m.97 views

CVE-2019-10357

CVE-2019-10357 concerns Jenkins Pipeline: Shared Groovy Libraries Plugin (versions 2.14 and earlier). The issue is a missing permission check that allowed users with Overall/Read access to obtain limited information about content in SCM repositories referenced by global libraries. Connected docum...

4.3CVSS4.4AI score0.01213EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2018/07/27 4:29 p.m.31 views

CVE-2017-12148

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...

7.2CVSS7.3AI score0.01707EPSS
Exploits0References2
Prion
Prion
added 2018/07/27 4:29 p.m.28 views

Design/Logic Flaw

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...

9CVSS7.6AI score0.01707EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2018/07/27 4:29 p.m.39 views

CVE-2017-12148

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...

9CVSS8.6AI score0.01707EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/09/19 8:18 a.m.37 views

CVE-2017-12148

A flaw was found in Tower's interface with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower,...

9CVSS2.1AI score0.01707EPSS
Exploits0References1
Fedora
Fedora
added 2015/06/10 7:17 p.m.27 views

[SECURITY] Fedora 22 Update: fusionforge-5.3.2-4.fc22

FusionForge provides many tools to aid collaboration in a development project, such as bug-tracking, task management, mailing-lists, SCM repository, forums, support request helper, web/FTP hosting, release management, etc. All these services are integrated into one web site and managed through a...

10CVSS1.3AI score0.04496EPSS
Exploits0
Fedora
Fedora
added 2015/06/10 7:5 p.m.51 views

[SECURITY] Fedora 21 Update: fusionforge-5.3.2-4.fc21

FusionForge provides many tools to aid collaboration in a development project, such as bug-tracking, task management, mailing-lists, SCM repository, forums, support request helper, web/FTP hosting, release management, etc. All these services are integrated into one web site and managed through a...

10CVSS1.3AI score0.04496EPSS
Exploits0
Rows per page
Query Builder