Openstack Heat Security Vulnerabilities and Issues — Openstack Heat CVE List

Lucene search

JenkinsOpenstack Heat

3 matches found

CVE•added 2022/07/27 3:15 p.m.•75 views

CVE-2022-36913

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

4.3CVSS4.5AI score0.00079EPSS

CVE•added 2022/07/27 3:15 p.m.•74 views

CVE-2022-36911

A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL.

6.5CVSS6.4AI score0.00062EPSS

CVE•added 2022/07/27 3:15 p.m.•71 views

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

4.3CVSS4.4AI score0.00294EPSS