Lucene search
K

36 matches found

Cvelist
Cvelist
added 2023/01/24 12:0 a.m.35 views

CVE-2023-24440

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

5.7AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.33 views

CVE-2023-24437

A cross-site request forgery CSRF vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.9AI score0.00515EPSS
Exploits0References1
CVE
CVE
added 2023/01/24 12:0 a.m.136 views

CVE-2023-24438

The CVE-2023-24438 issue affects Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier. The root cause is a missing permission check in methods handling form validation, enabling attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified c...

6.5CVSS6.3AI score0.00769EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/15 12:0 a.m.331 views

CVE-2022-45381

The CVE-2022-45381 case concerns Jenkins Pipeline Utility Steps Plugin (

8.1CVSS7.7AI score0.01328EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/05/24 5:12 p.m.23 views

GHSA-W598-25HM-JQX3 RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin

Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to provide YAML input files to Pipeline: AWS Steps Plugin’s build steps. Pipeline: AW...

8.8CVSS9AI score0.02034EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:12 p.m.30 views

RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin

Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to provide YAML input files to Pipeline: AWS Steps Plugin’s build steps. Pipeline: AW...

8.8CVSS8.9AI score0.02034EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 4:56 p.m.13 views

GHSA-CCXH-J7HG-M5MR Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin

Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.9CVSS9.6AI score0.01205EPSS
Exploits0References4
Prion
Prion
added 2020/03/25 5:15 p.m.14 views

Remote code execution

Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

6.5CVSS9AI score0.02034EPSS
Exploits0References2
CVE
CVE
added 2020/03/25 4:5 p.m.62 views

CVE-2020-2166

CVE-2020-2166 affects Jenkins Pipeline: AWS Steps Plugin versions 1.40 and earlier. The root cause is that the YAML parser is not restricted, allowing instantiation of arbitrary types and enabling remote code execution. The vulnerability is described across multiple sources as RCE via YAML input ...

8.8CVSS9AI score0.02034EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/03/25 12:0 a.m.6 views

PT-2020-15378 · Jenkins · Jenkins Pipeline: Aws Steps Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: AWS Steps Plugin versions 1.40 and earlier Description: The issue is related to the configuration of the YAML parser in the Jenkins Pipeline: AWS Steps Plugin, which does not prevent the instantiation of arbitrary types. Thi...

8.8CVSS8.8AI score0.02034EPSS
Exploits0References6
CNVD
CNVD
added 2019/10/08 12:0 a.m.2 views

Unspecified Vulnerability in CloudBees Jenkins Kubernetes::Pipeline::Kubernetes Steps Plugin

CloudBees Jenkins Hudson Labs is a set of U.S. CloudBees company based on Java development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks.Kubernetes::Pipeline::Arquillian Steps Plugin is used in...

9.9CVSS7.5AI score0.01205EPSS
Exploits0References1
NVD
NVD
added 2019/09/25 4:15 p.m.59 views

CVE-2019-10418

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.9CVSS9.6AI score0.01205EPSS
Exploits0References2
OSV
OSV
added 2019/09/25 4:15 p.m.18 views

CVE-2019-10417

Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.9CVSS6.9AI score
Exploits0References2
CVE
CVE
added 2019/09/25 3:5 p.m.71 views

CVE-2019-10417

The CVE refers to Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin where a flawed custom Script Security whitelist allowed attackers to invoke arbitrary methods, bypassing the sandbox and potentially executing code. The entries from multiple sources corroborate that this is tied to the p...

9.9CVSS9.5AI score0.01205EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.16 views

PT-2019-11812 · Jenkins · Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin affected versions not specified Description: The issue allows attackers to invoke arbitrary methods, bypassing typical sandbox protection, due to a custom whitelist for script security...

9.9CVSS9.4AI score0.01205EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.17 views

PT-2019-11811 · Jenkins · Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin affected versions not specified Description: The issue concerns a custom whitelist for script security in the Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin, which allowed...

9.9CVSS9.4AI score0.01205EPSS
Exploits0References7
Rows per page
Query Builder