CVE-2022-34782
https://notcve.org/view.php?id=CVE-2022-34782
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Una comprobación de permisos incorrecta en Jenkins requests-plugin Plugin versiones 2.2.16 y anteriores, permite a atacantes con permiso Overall/Read ver la lista de peticiones pendientes • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2650 • CWE-863: Incorrect Authorization •
CVE-2021-21676
https://notcve.org/view.php?id=CVE-2021-21676
Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address. El Plugin Jenkins requests-plugin versiones 2.2.7 y anteriores no lleva a cabo una comprobación de permisos en un endpoint HTTP, permitiendo a atacantes con permiso General y de lectura enviar correos electrónicos de prueba a una dirección de correo electrónico especificada por el atacante • http://www.openwall.com/lists/oss-security/2021/06/30/1 https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20%282%29 • CWE-862: Missing Authorization •
CVE-2021-21675
https://notcve.org/view.php?id=CVE-2021-21675
A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin Jenkins requests-plugin versiones 2.2.12 y anteriores permite a atacantes crear peticiones y/o hacer que los administradores apliquen peticiones pendientes • http://www.openwall.com/lists/oss-security/2021/06/30/1 https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20%281%29 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-21674
https://notcve.org/view.php?id=CVE-2021-21674
A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Una comprobación de permisos faltante en Jenkins requests-plugin Plugin versiones 2.2.6 y anteriores permite a atacantes con permiso Overall/Read ver la lista de peticiones pendientes • http://www.openwall.com/lists/oss-security/2021/06/30/1 https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-1995 •