CVE-2023-30518

A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2023-30518

A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2023-30518

This CVE (CVE-2023-30518) affects Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier. Root cause: a missing permission check in the plugin’s HTTP endpoint. Impact: attackers with Overall/Read can enumerate credentials IDs of credentials stored in Jenkins, potentially aiding credential exposu...

PT-2023-22745 · Jenkins · Jenkins Thycotic Secret Server Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Thycotic Secret Server Plugin versions 1.0.2 and earlier Description: A missing permission check in the Jenkins Thycotic Secret Server Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials...

CVE-2022-34149 WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...

CVE-2022-34839 WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin = 1.0.1 at WordPress...

CVE-2022-34839 WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin = 1.0.1 at WordPress...

WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Lana Codes in WordPress WP OAuth2 Server plugin versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of June 23, 2022 and is not available for download. This closure is temporary, pending a full review...

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in Jira. A authenticated malicious person could exploit the vulnerability to execute a server-side request-forgery attack. This enables the malicious party to gain access to sensitive data or information about the system. The vulnerability is located in a plug-...

GHSA-CC7J-XX7Q-FR34 Jenkins Jabber Server Plugin stores credentials in plain text

Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file de.enexus.jabber.JabberBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

Jenkins Jabber Server Plugin stores credentials in plain text

Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file de.enexus.jabber.JabberBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

CloudBees Jenkins Team Foundation Server Plugin Improper Authorization Vulnerability (CNVD-2021-25258)

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An improper authorization...

CloudBees Jenkins Team Foundation Server Plugin Improper Authorization Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An improper authorization...

CVE-2021-21636

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

CVE-2021-21638

A cross-site request forgery CSRF vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2021-21638

A cross-site request forgery CSRF vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Design/Logic Flaw

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Information disclosure

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

CVE-2021-21638

A cross-site request forgery CSRF vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2021-21637

CVE-2021-21637 affects the Jenkins Team Foundation Server Plugin (versions 5.157.1 and earlier). The underlying issue is a missing permission check, which allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs stored in Jenki...