28 matches found
CVE-2018-1000152
An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
CVE-2018-1000153
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
CVE-2018-1000151
The CVE-2018-1000151 entry concerns Jenkins vSphere Plugin (versions 2.16 and older) where VSphere.java disables SSL/TLS certificate validation by default, creating a man‑in‑the‑middle risk. Connected documents corroborate the issue across multiple advisories (Red Hat, SUSE, GitHub GHSA, OSV, NVD...
CVE-2018-1000152
CVE-2018-1000152 affects Jenkins with the vSphere Plugin (2.16 and older). The vulnerability is an improper authorization issue in multiple vSphere-related UI actions (form validation) that can cause the plugin to send numerous requests to a configured vSphere server, potentially leading to denia...
CVE-2018-1000152
An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
CVE-2018-1000153
CVE-2018-1000153 is a cross-site request forgery vulnerability in Jenkins vSphere Plugin
CVE-2018-1000153
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
CVE-2018-1000151
A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default...