4 results (0.051 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2023/02/15/4 https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-1757 • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. • http://www.openwall.com/lists/oss-security/2023/02/15/4 https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-1756 • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. • http://www.openwall.com/lists/oss-security/2023/02/15/4 https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-1756 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system. Jenkins Azure PublisherSettings Credentials Plugin version 1.2 y anteriores, tiene las credenciales almacenadas sin cifrar en el archivo credenciales.xml en el servidor maestro de Jenkins donde pueden ser vistas por los usuarios con acceso al sistema de archivos maestro. • http://www.securityfocus.com/bid/108045 https://jenkins.io/security/advisory/2019-04-17/#SECURITY-844 • CWE-522: Insufficiently Protected Credentials •