15 matches found
EUVD-2022-2873
Malicious code in bioql PyPI...
CVE-2019-10465
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...
CVE-2019-10464
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system...
GHSA-6X2W-GWGF-5RG3 Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
GHSA-89VJ-RQV8-7737 Jenkins Deploy WebLogic Plugin missing permission check
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
Unspecified Vulnerability in CloudBees Jenkins Deploy WebLogic Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Deploy WebLogic Plugin is used in which a...
CVE-2019-10465
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...
CVE-2019-10464
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system...
CVE-2019-10464
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system...
CVE-2019-10465
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...
CVE-2019-10464
The CVE-2019-10464 entry concerns a cross-site request forgery in the Jenkins Deploy WebLogic Plugin. The underlying issue: the plugin does not perform permission checks in a form validation method and does not require POST for that validation, allowing authenticated Jenkins users (with Overall/R...
CVE-2019-10465
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...
PT-2019-11859 · Jenkins · Jenkins Deploy Weblogic Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deploy WebLogic Plugin affected versions not specified Description: The issue is related to a missing permission check in the Jenkins Deploy WebLogic Plugin. This allows attackers with Overall/Read permission to connect to an...
CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...