19 matches found
EUVD-2022-4738
Malicious code in bioql PyPI...
EUVD-2022-5425
Malicious code in bioql PyPI...
CVE-2019-10312
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10311
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
GHSA-VRVM-459Q-J824 Jenkins Ansible Tower Plugin cross-site request forgery vulnerability
Jenkins Ansible Tower Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
Jenkins Ansible Tower Plugin information disclosure vulnerability
Summary: An exploitable information disclosure vulnerability exists in the testTowerConnection function of the Jenkins Ansible Tower Plugin 0.9.1. A specially crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cause affected versions of thi...
CVE-2019-10312
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10310
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials I...
CVE-2019-10312
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
Information disclosure
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials I...
CVE-2019-10311
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10310
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials I...
CVE-2019-10312
CVE-2019-10312 affects Jenkins Ansible Tower Plugin 0.9.1 and earlier. The root cause is a missing permission check in TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems, which allowed attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. ...
CVE-2019-10310
Summary: CVE-2019-10310 affects the Jenkins Ansible Tower Plugin (versions up to 0.9.1). The issue stems from a missing permissions check in the TowerInstallation.doTestTowerConnection form validation, allowing a user to cause the plugin to connect to an attacker-controlled URL using attacker-pro...
CVE-2019-10312
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
PT-2019-11712 · Jenkins · Jenkins Ansible Tower Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Tower Plugin version 0.9.1 and earlier Description: A cross-site request forgery issue allowed attackers to connect to a specified URL using specified credentials IDs, potentially capturing stored credentials in Jenkins. The...
PT-2019-11714 · Jenkins · Jenkins Ansible Tower Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Tower Plugin versions 0.9.1 and earlier Description: A missing permission check in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allows attackers with Overall/Read permission to enumerat...
PT-2019-11713 · Jenkins · Jenkins Ansible Tower Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Tower Plugin versions 0.9.1 and earlier Description: A missing permission check in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to...