
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502
https://access.redhat.com/security/cve/CVE-2022-30954
https://bugzilla.redhat.com/show_bug.cgi?id=2119647

CWE-862: Missing Authorization

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.

http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502
https://access.redhat.com/security/cve/CVE-2022-30953
https://bugzilla.redhat.com/show_bug.cgi?id=2119646

CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library, which does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.

http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604

CWE-862: Missing Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library, which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.

http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478