Lucene search
K

101 matches found

OSV
OSV
added 2023/02/15 9:30 p.m.26 views

GHSA-JWR6-75XH-JH5J Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions

Synopsys Coverity Plugin 3.0.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using anothe...

4.3CVSS4.7AI score0.00509EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/02/15 9:30 p.m.17 views

CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS6.5AI score0.0052EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/02/15 7:15 p.m.26 views

CVE-2023-23850

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.4AI score0.00509EPSS
Exploits0References2
NVD
NVD
added 2023/02/15 7:15 p.m.26 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.5AI score0.0052EPSS
Exploits0References2
Prion
Prion
added 2023/02/15 7:15 p.m.25 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS4AI score0.00357EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/02/15 7:15 p.m.13 views

Information disclosure

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4CVSS4.4AI score0.00509EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/02/15 7:15 p.m.17 views

Design/Logic Flaw

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS4.5AI score0.0052EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.20 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.8AI score0.0052EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.27 views

CVE-2023-23850

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.7AI score0.00509EPSS
Exploits0References2
CVE
CVE
added 2023/02/15 12:0 a.m.72 views

CVE-2023-23847

CVE-2023-23847 affects Synopsys Jenkins Coverity Plugin 3.0.2 and earlier. The CSRF vulnerability arises from missing permission checks across multiple HTTP endpoints that do not require POST, enabling an attacker to cause the plugin to connect to an attacker-specified HTTP server using attacker-...

3.5CVSS4.1AI score0.00357EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.8 views

Jenkins Plugin Synopsys Coverity 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00509EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.7 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.6AI score0.00357EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/15 12:0 a.m.50 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.9 Multiple Vulnerabilities (CloudBees Security Advisory 2023-02-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.9. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Synopsys Coverity Plugin allow...

9.9CVSS6.1AI score0.814EPSS
Exploits0References12
CVE
CVE
added 2023/02/15 12:0 a.m.80 views

CVE-2023-23850

CVE-2023-23850 is a credential-enumeration vulnerability in Synopsys Jenkins Coverity Plugin (versions ≤ 3.0.2). A missing permission check in multiple HTTP endpoints allows attackers with Overall/Read to enumerate credentials IDs stored in Jenkins, enabling potential credential exposure. Connect...

4.3CVSS4.4AI score0.00509EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/02/15 12:0 a.m.69 views

CVE-2023-23848

The CVE-2023-23848 entry concerns missing permission checks in the Synopsys Jenkins Coverity Plugin (versions

4.3CVSS4.5AI score0.0052EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.36 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3AI score0.00357EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.7 views

Jenkins Plugin Synopsys Coverity 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

3.5CVSS5AI score0.00357EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.5 views

Jenkins Plugin Synopsys Coverity 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.0052EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2023/02/15 12:0 a.m.29 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS6AI score0.00357EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/02/15 12:0 a.m.20 views

CVE-2023-23850

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.4AI score0.00509EPSS
Exploits0References3
Rows per page
Query Builder