Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...
CVE-2019-16552
CVE-2019-16552 affects Jenkins Gerrit Trigger Plugin (versions 2.30.1 and earlier). Root cause: a missing permission check allows attackers with Overall/Read to connect to an attacker-specified HTTP/SSH endpoint using attacker-specified credentials, and to determine the existence of a file on the...
CVE-2019-16552
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...
CVE-2019-16551
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...
CVE-2019-16551
Jenkins Gerrit Trigger Plugin versions 2.30.1 and earlier are affected by a cross-site request forgery vulnerability that allows an attacker to cause the plugin to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. Root cause: CSRF in the plugin’s handli...
PT-2019-14706 · Jenkins · Jenkins Gerrit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.30.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. Recommendations: For...
PT-2019-14707 · Jenkins · Jenkins Gerrit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.30.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified...
Jenkins Gerrit Trigger Plugin Design Vulnerability
Jenkins is an open source continuous integration tool developed in Java. A security vulnerability exists in the GerritManagement.java, GerritServer.java, and PluginImpl.java files in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier versions. An attacker can...
CloudBees Jenkins Gerrit Trigger Plugin Information Disclosure Vulnerability
CloudBees Jenkins is a Java-based continuous integration tool from the US company CloudBees. It is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. Gerrit Trigger Plugin is the use of...
Authorization
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...
CVE-2018-1000105
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...
CVE-2018-1000106
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins...
CVE-2018-1000105
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...
Authorization
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins...
CVE-2018-1000106
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins...
CVE-2018-1000105
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...
CVE-2018-1000106
CVE-2018-1000106: Affected software is Jenkins Gerrit Trigger Plugin (≤ version 2.27.4). The root cause is an improper authorization flaw in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify Jenkins Gerrit configuration. Docum...
CVE-2018-1000106
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins...
CVE-2017-1000084
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...
Authentication flaw
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...