9 matches found
SUSE CVE-2019-10354
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
Unauthorized view fragment access in Jenkins
Jenkins uses the Stapler web framework to render its UI views. These views are frequently composed of several view fragments, enabling plugins to extend existing views with more content. Before SECURITY-534 was fixed in Jenkins 2.186 and LTS 2.176.2, attackers could in some cases directly access ...
CVE-2022-34175
Jenkins 2.335 through 2.355 both inclusive allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view...
CVE-2022-34175
Jenkins 2.335 through 2.355 both inclusive allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view...
PT-2022-22042 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.335 through 2.355 Description: The issue allows attackers in some cases to bypass a protection mechanism, directly accessing view fragments containing sensitive information and bypassing permission checks in the correspondi...
GHSA-6JFC-MC97-C7WG Missing Authorization in Jenkins
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
jenkins: Unauthorized view fragment access (SECURITY-534)
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
jenkins: Unauthorized view fragment access (SECURITY-534)
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
Improper Access Control
stapler web framework is vulnerable to Improper Access Control. The UI views are frequently comprised of several view fragments, enabling plugins to extend existing views with more content. This vulnerability allows an attacker to directly access a view fragment containing sensitive information,...