Lucene search
K

4 matches found

Veracode
Veracode
added 2024/03/12 6:32 a.m.18 views

Cross Site Request Forgery (CSRF)

org.jenkins-ci.plugins: docker-build-step is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to inadequate validation of user inputs, allowing attackers to connect to an attacker-specified TCP or Unix socket URL and reconfigure the plugin using provided connection test...

6.1CVSS6.8AI score0.00408EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/06 6:30 p.m.29 views

Jenkins docker-build-step Plugin missing permission check

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...

8.8CVSS6.7AI score0.00826EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/03/06 5:15 p.m.46 views

CVE-2024-2215

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

6.1CVSS5.7AI score0.00408EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/06 5:1 p.m.45 views

CVE-2024-2215

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

6.7AI score0.00408EPSS
Exploits0References2
Rows per page
Query Builder