933 matches found
CVE-2019-1003078
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Input validation
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003086
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-10278
A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003090
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003076
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003081
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
PT-2019-11375 · Jenkins · Jenkins Zephyr Enterprise Test Management Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr Enterprise Test Management Plugin, affected versions not specified. Description: A missing permission check in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a...
PT-2019-11376 · Jenkins · Jenkins Chef Sinatra Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Chef Sinatra Plugin, affected versions not specified. Description: A cross-site request forgery issue exists in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method, allowing attackers to initiate a...
PT-2019-11377 · Jenkins · Jenkins Chef Sinatra Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Chef Sinatra Plugin, affected versions not specified. Description: A missing permission check in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiat...
PT-2019-11388 · Jenkins · Jenkins Openid Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins openid Plugin, affected versions not specified. Description: A cross-site request forgery issue exists in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method, allowing attackers to initiate a connection to an...
PT-2019-11349 · Jenkins · Jenkins Ftp Publisher Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins FTP publisher Plugin, affected versions not specified. Description: A missing permission check in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an...
CVE-2019-1003047
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
PT-2019-11336 · Jenkins · Jenkins Fortify On Demand Uploader Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Uploader Plugin versions 3.0.10 and earlier. Description: A cross-site request forgery issue allows attackers to initiate a connection to an attacker-specified server. Recommendations: For Jenkins Fortify on Demand...
PT-2019-11337 · Jenkins · Jenkins Fortify On Demand Uploader Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Uploader Plugin versions 3.0.10 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. Recommendation...