CVE-2022-28152
https://notcve.org/view.php?id=CVE-2022-28152
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.
References: http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%282%29
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-28151
https://notcve.org/view.php?id=CVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.
References: http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%281%29
CWE-862: Missing Authorization
CVE-2022-28150
https://notcve.org/view.php?id=CVE-2022-28150
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.
References: http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%281%29
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-28149
https://notcve.org/view.php?id=CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
References: http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2285
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-28148
https://notcve.org/view.php?id=CVE-2022-28148
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.
References: http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2654
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')