
933 matches found

ATTACKERKB
added 2022/07/27 3:15 p.m. · 2 views

CVE-2022-36882

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVSS 8.8 · AI score 5.6 · EPSS 0.0058
Exploits: 0 · References: 3
ATTACKERKB
added 2022/07/27 3:15 p.m. · 2 views

CVE-2022-36883

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVSS 7.5 · AI score 5.8 · EPSS 0.05454
Exploits: 0 · References: 4
Prion
added 2022/07/27 3:15 p.m. · 18 views

Cross-site request forgery (CSRF)

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

CVSS 4.3 · AI score 6.4 · EPSS 0.00463
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2022/07/27 2:29 p.m. · 17 views

CVE-2022-36921

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 8.2 · EPSS 0.00705
Exploits: 0 · References: 2
Cvelist
added 2022/07/27 2:27 p.m. · 11 views

CVE-2022-36911

A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

AI score 7 · EPSS 0.00383
Exploits: 0 · References: 2
Cvelist
added 2022/07/27 2:26 p.m. · 35 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

AI score 6.9 · EPSS 0.00645
Exploits: 0 · References: 2
Cvelist
added 2022/07/27 2:20 p.m. · 22 views

CVE-2022-36882

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

AI score 8.8 · EPSS 0.0058
Exploits: 0 · References: 2
CNNVD
added 2022/07/27 12:00 a.m. · 4 views

Jenkins Openstack Heat Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site request...

CVSS 6.5 · AI score 6.4 · EPSS 0.00383
Exploits: 0 · References: 6
CNNVD
added 2022/07/27 12:00 a.m. · 4 views

Jenkins Openstack Heat Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3 · AI score 5.2 · EPSS 0.00488
Exploits: 0 · References: 6
Positive Technologies
added 2022/07/25 12:00 a.m. · 2 views

PT-2022-8897 · Npm · Npm-Help

Name of the Vulnerable Software and Affected Versions: npm-help (affected versions not specified)
Description: The issue affects the npm-help package, with the injection point located in line 13 of the index.js file, specifically in the export.latestVersion function.
Recommendations: At the moment,...

CVSS 9.8 · AI score 9.6 · EPSS 0.01209
Exploits: 1 · References: 5
Positive Technologies
added 2022/07/13 12:00 a.m. · 3 views

PT-2022-6595 · Php +5 · Php +5

Name of the Vulnerable Software and Affected Versions: PHP (affected versions not specified)
Description: A heap buffer overflow issue was discovered in PHP. This occurs when the PHP_CLI_SERVER_WORKERS environment variable is set to a large value. The vulnerability is related to the php cli server...

CVSS 9.8 · AI score 7.7 · EPSS 0.49336
Exploits: 12 · References: 98
Positive Technologies
added 2022/07/12 12:00 a.m. · 1 view

PT-2022-3799 · Microsoft · Azure Site Recovery

Name of the Vulnerable Software and Affected Versions: Azure Site Recovery (affected versions not specified)
Description: The issue is related to insufficient access restriction in the Azure Site Recovery tool for VMWare to Azure, which can be exploited by a remote attacker to elevate privileges an...

CVSS 6.8 · AI score 5.1 · EPSS 0.01642
Exploits: 0 · References: 27
Positive Technologies
added 2022/07/12 12:00 a.m. · 5 views

PT-2022-3715 · Microsoft · Windows Performance Counters +1

Name of the Vulnerable Software and Affected Versions: Windows Performance Counters (affected versions not specified)
Description: The issue is related to insufficient access restrictions in Windows Performance Counters, allowing an attacker to elevate their privileges. This can affect the system,...

CVSS 7 · AI score 6.9 · EPSS 0.00481
Exploits: 0 · References: 9
OSV
added 2022/06/30 6:15 p.m. · 2 views

CVE-2022-34792

A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

CVSS 8 · AI score 7.2 · EPSS 0.00423
Exploits: 0 · References: 1
Positive Technologies
added 2022/06/30 12:00 a.m. · 2 views

PT-2022-3288 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based (affected versions not specified)
Description: The issue is related to insecure privilege management in Microsoft Edge. It allows a remote attacker to exploit the vulnerability and elevate their privileges...

CVSS 8.3 · AI score 6.9 · EPSS 0.01396
Exploits: 0 · References: 9
Positive Technologies
added 2022/06/30 12:00 a.m. · 1 view

PT-2022-14955 · Advantech · Advantech Iview

Name of the Vulnerable Software and Affected Versions: Advantech iView (affected versions not specified)
Description: The issue concerns command injection, which may allow an attacker to remotely execute arbitrary code. There are two instances of this issue. No information is provided about the...

CVSS 9.8 · AI score 9.6 · EPSS 0.59184
Exploits: 4 · References: 9
CISA
added 2022/06/27 12:00 a.m. · 11 views

CISA Adds Eight Known Exploited Vulnerabilities to Catalog  

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly...

AI score 1.7
Exploits: 0 · References: 5
Positive Technologies
added 2022/06/27 12:00 a.m. · 5 views

PT-2022-18865 · Hikvision · Hikvision Hybrid San/Cluster Storage

Name of the Vulnerable Software and Affected Versions: Hikvision Hybrid SAN/Cluster Storage products (affected versions not specified)
Description: The issue is related to insufficient input validation in the web module of certain Hikvision Hybrid SAN/Cluster Storage products. This allows an attack...

CVSS 9.8 · AI score 9.4 · EPSS 0.39333
Exploits: 6 · References: 6
OSV
added 2022/06/24 12:00 a.m. · 30 views

GHSA-RQ99-93C5-33F6 Cross-Site Request Forgery in Jenkins ThreadFix Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL...

CVSS 4.3 · AI score 6.6 · EPSS 0.00568
Exploits: 0 · References: 3
Github Security Blog
added 2022/06/24 12:00 a.m. · 20 views

Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

CVSS 6.5 · AI score 6.9 · EPSS 0.00431
Exploits: 0 · References: 3 · Affected Software: 1