Electricflow Security Vulnerabilities and Issues — Electricflow CVE List

Lucene search

JenkinsElectricflow

3 matches found

CVE•added 2019/06/11 2:29 p.m.•57 views

CVE-2019-10331

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.

4.3CVSS4.5AI score0.0022EPSS

CVE•added 2019/06/11 2:29 p.m.•46 views

CVE-2019-10332

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.

4.3CVSS4.4AI score0.0013EPSS

CVE•added 2019/06/11 2:29 p.m.•45 views

CVE-2019-10333

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.

4.3CVSS4.3AI score0.00041EPSS