14899 matches found
Design/Logic Flaw
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...
Path traversal
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...
Design/Logic Flaw
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-23114
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-23114
CVE-2022-23114 affects Jenkins Publish Over SSH Plugin 1.22 and earlier. The vulnerability is that passwords are stored unencrypted in the plugin’s global configuration file on the Jenkins controller, exposing credentials to users with filesystem access to the controller. The Red Hat advisory and...
CVE-2022-23113
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...
CVE-2022-23113
CVE-2022-23113 affects Jenkins Publish Over SSH Plugin 1.22 and earlier. The issue is a path traversal vulnerability caused by insufficient validation of the file name, allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files. Connected sources corrob...
CVE-2022-23112
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-23112
CVE-2022-23112 concerns Jenkins Publish Over SSH Plugin, versions 1.22 and earlier. The root cause is a missing permission check that allows users with Overall/Read access to cause the controller to connect to an attacker‑specified SSH server using attacker‑supplied credentials. This enables pote...
CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-23111
CVE-2022-23111 describes a CSRF vulnerability in the Jenkins Publish Over SSH Plugin, version 1.22 and earlier. The issue allows an attacker to cause a Jenkins instance to connect to an attacker‑specified SSH server using attacker‑specified credentials, effectively leveraging cross‑site request f...
CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
CVE-2022-23110
CVE-2022-23110 concerns Jenkins Publish Over SSH Plugin 1.22 and earlier, which does not escape the SSH server name, leading to a stored XSS vulnerability. Exploitation requires the attacker to have Overall/Administer permission. The provided documents identify the affected plugin/version and the XSS...
CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-20620
CVE-2022-20620 affects Jenkins SSH Agent Plugin (versions 1.23 and earlier). The root cause is missing permission checks in several HTTP endpoints, allowing attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. This could facilitate credential exposure ...
Jenkins Plugin Security Vulnerability
Jenkins is an open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. An authorization vulnerability exists in Jenkins Publish Over SSH Plugin 1.22 and earlier versions, the...
Jenkins Plugin Path Traversal Vulnerability
Jenkins is an open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A path traversal vulnerability exists in Jenkins Publish Over SSH Plugin 1.22 and prior versions. An attacker with...
PT-2022-15853 · Jenkins · Jenkins Publish Over Ssh Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over SSH Plugin versions 1.22 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the SSH server name is not properly escaped, allowing attackers with...
PT-2022-15855 · Jenkins · Jenkins Publish Over Ssh Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over SSH Plugin versions 1.22 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...