GHSA-WHGJ-6M78-2GG9 Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

PT-2023-25166 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: The issue allows attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system due to the lack of restriction...

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....

GHSA-Q2FC-9WW2-GGFJ Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication

Jenkins Quay.io trigger Plugin provides a webhook endpoint at /quayio-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Quay.io trigger Plugin 0.1 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attacker...

CVE-2023-30520

Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads...

Cross site scripting

Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads...

Design/Logic Flaw

A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

CVE-2023-30519

CVE-2023-30519 affects Jenkins Quay.io trigger Plugin 0.1 and earlier, where a missing permission check allows unauthenticated attackers to trigger builds of jobs for an attacker-specified repository via the webhook endpoint (quotayio-webhook) exposed without authentication. Connected sources con...

CVE-2023-30519

A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

CVE-2023-30519

A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

CVE-2023-30520

The CVE-2023-30520 entry refers to Jenkins Quay.io trigger Plugin version 0.1 and earlier, which does not constrain URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, enabling a stored XSS vulnerability when attackers submit crafted webhook payloads. The issue is doc...

PT-2023-22748 · Jenkins · Jenkins Quay.Io Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Quay.io trigger Plugin versions 0.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not limit URL schemes for repository homepage URLs submitted via...

PT-2023-22746 · Jenkins · Jenkins Quay.Io Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Quay.io trigger Plugin versions 0.1 and earlier Description: A missing permission check in the Jenkins Quay.io trigger Plugin allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repositor...

Cross-site request forgery in Jenkins Gerrit Trigger Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...

GHSA-95JQ-24CR-PGRQ Cross-site request forgery in Jenkins Gerrit Trigger Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...

CVE-2023-24423

A cross-site request forgery CSRF vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...

CVE-2023-24423

A cross-site request forgery CSRF vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...