Page 108 of 1626 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-30948 – plugin: Mercurial SCM plugin can check out from the controller file system

https://notcve.org/view.php?id=CVE-2022-30948

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. El plugin Jenkins Mercurial versiones 2.16 y anteriores, permiten a atacantes configurar los pipelines para comprobar algunos repositorios SCM almacenados en el sistema de archivos del controlador Jenkins usando rutas locales como URLs SCM, obteniendo información limitada sobre los contenidos SCM de otros proyectos A flaw was found in the Jenkins plugin. Affected versions of the Jenkins Mercurial Plugin allow attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system. This is accomplished by using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478 https://access.redhat.com/security/cve/CVE-2022-30948 https://bugzilla.redhat.com/show_bug.cgi?id=2119644 • CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-30947

https://notcve.org/view.php?id=CVE-2022-30947

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. El Plugin Git de Jenkins versiones 4.11.1 y anteriores, permiten a atacantes configurar los pipelines para comprobar algunos repositorios SCM almacenados en el sistema de archivos del controlador de Jenkins usando rutas locales como URLs SCM, obteniendo información limitada sobre los contenidos SCM de otros proyectos • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-30946 – plugin: CSRF vulnerability in Script Security Plugin

https://notcve.org/view.php?id=CVE-2022-30946

A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin de seguridad de scripts de Jenkins versiones 1158.v7c1b_73a_69a_08 y anteriores, permite a atacantes hacer que Jenkins envíe una petición HTTP a un servidor web especificado por el atacante • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116 https://access.redhat.com/security/cve/CVE-2022-30946 https://bugzilla.redhat.com/show_bug.cgi?id=2119643 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-30945 – plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin

https://notcve.org/view.php?id=CVE-2022-30945

Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. Jenkins Pipeline: Groovy Plugin versiones 2689.v434009a_31b_f1 y anteriores, permite cargar cualquier archivo fuente Groovy en el classpath de Jenkins y de los plugins de Jenkins en pipelines de sandbox A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded this way and their methods executed. • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359 https://access.redhat.com/security/cve/CVE-2022-30945 https://bugzilla.redhat.com/show_bug.cgi?id=2119642 • CWE-693: Protection Mechanism Failure •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-30952 – plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin

https://notcve.org/view.php?id=CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. La API SCM de Jenkins Pipeline para el plugin Blue Ocean versiones 1.25.3 y anteriores, permite a atacantes con permiso de Job/Configure acceder a credenciales con IDs especificados por el atacante almacenados en los almacenes privados de credenciales por usuario de cualquier usuario especificado por el atacante en Jenkins • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-714 https://access.redhat.com/security/cve/CVE-2022-30952 https://bugzilla.redhat.com/show_bug.cgi?id=2119645 • CWE-522: Insufficiently Protected Credentials CWE-668: Exposure of Resource to Wrong Sphere •