CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

50 matches found

OSV•added 2023/09/08 7:15 p.m.•14 views

CVE-2023-41578

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection...

7.5CVSS7.6AI score

Exploits0References1

CNNVD•added 2023/09/08 12:0 a.m.•3 views

Jeecg-Boot Security Vulnerabilities

Jeecg-Boot is a low-code platform based on a code generator from the JeecgBoot community. A security vulnerability exists in Jeecg-Boot v3.5.3 and earlier versions, which stems from an arbitrary file read vulnerability in interface /testConnection...

7.5CVSS7.1AI score0.00789EPSS

Exploits1References2

Cvelist•added 2023/09/08 12:0 a.m.•26 views

CVE-2023-41578

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection...

7.7AI score0.00789EPSS

Exploits1References1

CVE•added 2023/09/08 12:0 a.m.•54 views

CVE-2023-41578

Jeecg boot up to v3.5.3 contains an arbitrary file read vulnerability exploitable via the /testConnection interface. The CVE entry documents impact to confidentiality (high) with no integrity/availability impact, and root cause is an insecure/unrestricted file read path exposed through the testCo...

7.5CVSS7.5AI score0.00789EPSS

Exploits1References1Affected Software1

Github Security Blog•added 2022/05/24 5:22 p.m.•14 views

Reflected XSS in Jenkins Compatibility Action Storage Plugin

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...

6.1CVSS5.6AI score0.00699EPSS

Exploits0References4Affected Software1

Prion•added 2020/07/02 3:15 p.m.•9 views

Cross site scripting

4.3CVSS6AI score0.00699EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2020/07/02 12:0 a.m.•4 views

PT-2020-15433 · Jenkins · Jenkins Compatibility Action Storage Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Compatibility Action Storage Plugin versions 1.0 and earlier Description: The issue is related to a reflected cross-site scripting XSS vulnerability. It occurs because the plugin does not escape the content coming from the MongoDB in...

6.1CVSS5.9AI score0.00699EPSS

Exploits0References7

Positive Technologies•added 2019/08/07 12:0 a.m.•4 views

PT-2019-11780 · Jenkins · Jenkins Xl Testview Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XL TestView Plugin versions 1.2.0 and earlier Description: A cross-site request forgery issue allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturin...

8.8CVSS8.4AI score0.00859EPSS

Exploits0References5

Cvelist•added 2019/06/11 1:15 p.m.•22 views

CVE-2019-10331

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.5AI score0.01058EPSS

Exploits0References3

Talos•added 2019/06/04 12:0 a.m.•202 views

Jenkins Artifactory Plugin information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the testConnection endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cau...

4.3CVSS4.4AI score0.01825EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by