Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...
Jenkins Plugin Gerrit Trigger cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-24423
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...
PT-2023-19583 · Jenkins · Jenkins Gerrit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.38.0 and earlier. Description: A cross-site request forgery (CSRF) issue allows attackers to rebuild previous builds triggered by Gerrit. This can be exploited to manipulate build processes...
CVE-2023-24423
The CVE-2023-24423 vulnerability affects Jenkins Gerrit Trigger Plugin
Jenkins Generic Webhook Trigger Plugin External Entity Injection (CVE-2021-21669)
An XXE vulnerability exists in Jenkins Generic Webhook Trigger Plugin. The vulnerability is due to insufficient validation of input parameters. Successful exploitation could lead to the disclosure of file contents for any file readable by Jenkins...
Jenkins Filesystem Trigger Plugin XML External Entity Expansion (CVE-2021-21659)
An XML external entity expansion vulnerability exists in Jenkins Filesystem Trigger Plugin. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
CVE-2022-43412
Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2022-43412
CVE-2022-43412 affects Jenkins Generic Webhook Trigger Plugin (versions 1.84.1 and earlier). The vulnerability stems from a non-constant time comparison when validating the provided webhook token against the expected token, which could enable attackers to infer a valid token via statistical metho...
CVE-2022-36914
Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-36914
CVE-2022-36914 affects Jenkins Files Found Trigger Plugin 1.5 and earlier. The root cause is a missing permission check in a form-validation method, enabling attackers with Overall/Read to determine the existence of an attacker-specified file path on the Jenkins controller filesystem. The public ...
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with the ability to call webhooks configured to extract parameters using XPath to have Jenkins parse a crafted XML request body that uses...
GHSA-CPHV-7CXW-5HCC XXE vulnerability in Jenkins Filesystem Trigger Plugin
Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Job/Configure permission or otherwise able to control the contents of an XML file being polled for changes to have Jenkins parse a crafted XM...
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file org.jenkinsci.plugins.ParameterizedRemoteTrigger.RemoteBuildConfiguration.xml on the Jenkins controller as part of its configuration. This secret can be viewed by attackers with acce...
Missing permission check in Jenkins Gerrit Trigger Plugin
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...
Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...
Incorrect Authorization in Jenkins Gerrit Trigger Plugin
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...