Lucene search
K

6 matches found

Prion
Prion
added 2022/11/23 5:15 p.m.12 views

Authentication flaw

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...

5CVSS5.3AI score0.00331EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/03/29 12:31 p.m.108 views

CVE-2022-28144

The connected docs confirm CVE-2022-28144 affects Jenkins Proxmox Plugin 0.7.0 and earlier, due to missing permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to initiate a connection test to an attacker‑controlled host using attacker‑supplied username/...

6.5CVSS6.7AI score0.0079EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/29 12:30 p.m.26 views

CVE-2022-28143

A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...

7.3AI score0.00523EPSS
Exploits0References2
Prion
Prion
added 2019/10/16 2:15 p.m.8 views

Design/Logic Flaw

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...

6.4CVSS8.2AI score0.00993EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/04/30 1:29 p.m.26 views

CVE-2019-10314

Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM...

5.9CVSS5.8AI score0.01489EPSS
Exploits0References3
OSV
OSV
added 2009/01/07 5:30 p.m.11 views

CVE-2009-0021

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...

7.6AI score
Exploits0References19
Rows per page
Query Builder