Lucene search
+L

8 matches found

Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.20 views

Jenkins Benchmark Evaluator Plugin missing permission check

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

5.4CVSS6.6AI score0.00502EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/07/12 6:30 p.m.18 views

GHSA-5G87-44P9-V4J7 Jenkins Benchmark Evaluator Plugin missing permission check

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

5.4CVSS5.4AI score0.00502EPSS
Exploits0References3
OSV
OSV
added 2023/07/12 4:15 p.m.5 views

CVE-2023-37963

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...

5.4CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2023/07/12 4:15 p.m.24 views

CVE-2023-37962

A cross-site request forgery CSRF vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...

8.8CVSS0.00491EPSS
Exploits0References2
Prion
Prion
added 2023/07/12 4:15 p.m.23 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...

6.8CVSS8.7AI score0.00491EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/12 3:53 p.m.17 views

CVE-2023-37963

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...

6.6AI score0.00502EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/12 3:53 p.m.20 views

CVE-2023-37962

A cross-site request forgery CSRF vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...

9AI score0.00491EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/12 3:53 p.m.20 views

CVE-2023-37962

A cross-site request forgery CSRF vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...

6.8AI score0.00491EPSS
Exploits0References2
Rows per page
Query Builder