101 matches found
CVE-2022-20619
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-20618
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-20618
The CVE-2022-20618 entry affects Jenkins Bitbucket Branch Source Plugin (versions prior to 737.vdf9dc06105be). The root cause is a missing permission check on multiple HTTP endpoints, which allows attackers with Overall/Read access to enumerate credentials IDs stored in Jenkins. This credential d...
PT-2022-14826 · Jenkins · Jenkins Bitbucket Branch Source Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Branch Source Plugin versions 737.vdf9dc06105be and earlier; Jenkins Bitbucket Branch Source Plugin versions prior to 746.v350d2781c184; Jenkins Bitbucket Branch Source Plugin versions prior to 725.vd9f8be0fa250; Jenkins...
Jenkins Plugin Cross-Site Request Forgery Vulnerability
Jenkins is an open source automation server. It provides hundreds of plug-ins to support building, deploying and automating any project. The Jenkins Bitbucket Branch Source Plugin suffers from a cross-site request forgery vulnerability that stems from a WE...
PT-2022-14827 · Jenkins · Jenkins Bitbucket Branch Source Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Branch Source Plugin versions prior to 746.v350d2781c184; Jenkins Bitbucket Branch Source Plugin versions prior to 725.vd9f8be0fa250; Jenkins Bitbucket Branch Source Plugin versions prior to 2.9.11.2; Jenkins Bitbucket Branch...
Cross-site request forgery (CSRF)
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...
CloudBees Jenkins ZAP Pipeline Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. White Source Plugin is used in one of the...
Unspecified Vulnerability in CloudBees Jenkins White Source Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. White Source Plugin is used in one of the...
CVE-2020-2213
Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system...
CVE-2020-2213
The CVE-2020-2213 case affects the Jenkins White Source Plugin: versions 19.1.1 and earlier store credentials in plain text in the global configuration file and in job config.xml on the Jenkins controller. This can expose credentials to users with Extended Read or to someone with access to the co...
CloudBees Jenkins GitHub Branch Source Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools. It is mainly used to monitor continuous software release/testing projects and the timed execution of some tasks. GitHub Branch Source Plugin is used in one of the Jenkins used to view, operate the...
CVE-2018-1000185
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
CVE-2018-1000185
The CVE-2018-1000185 entry concerns Jenkins GitHub Branch Source Plugin (versions
CVE-2017-1000091
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect...