CVE-2022-25192

A cross-site request forgery CSRF vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Jenkins Snow Commander Plugin Access Control Error Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Snow Commander Plugin 2.0 and earlier versions are vulnerable to an access control error that stems from not...

Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Snow Commander Plugin 2.0 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization

Snow Commander Plugin 1.10 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing...

CVE-2022-25193

Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Design/Logic Flaw

Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-25193

Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-25193

Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-25193

CVE-2022-25193 (Snow Commander Plugin) : Jenkins Snow Commander Plugin ≤ 2.0 allows missing permission checks in form-validation methods. An attacker with Overall/Read permission can cause the plugin to connect to an attacker-specified webserver using attacker-specified credential IDs, enabling c...

CVE-2022-25192

CVE-2022-25192 concerns Jenkins Snow Commander Plugin. Affected versions: 1.10 and earlier (and references to 2.0 in the same advisory family). Vulnerability class: CSRF and improper permission checks in form validation that enables an attacker with certain Jenkins permissions to cause the plugin...

PT-2022-17133 · Jenkins · Jenkins Snow Commander Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Snow Commander Plugin versions 1.10 and earlier Description: The issue concerns missing permission checks in the Jenkins Snow Commander Plugin, allowing attackers with Overall/Read permission to connect to a specified webserver using...