Page 122 of 1626 results (0.004 seconds)

CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-27198

https://notcve.org/view.php?id=CVE-2022-27198

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin Jenkins CloudBees AWS Credentials versiones 189.v3551d5642995 y anteriores, permite a atacantes con permiso Overall/Read conectarse a un servicio de AWS usando un token especificado por el atacante • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2351 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-27197

https://notcve.org/view.php?id=CVE-2022-27197

Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. El Plugin Jenkins Dashboard View versiones 2.18 y anteriores, no lleva a cabo una comprobación de la URL para la URL de origen del Iframe Portlet, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenada explotable por atacantes capaces de configurar las visualizaciones • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2559 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-27196

https://notcve.org/view.php?id=CVE-2022-27196

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. El Plugin Jenkins Favorite versiones 2.4.0 y anteriores, no escapan los nombres de los trabajos en la columna de favoritos, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenada explotable por atacantes con permisos de Item/Configure o Item/Create • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-27195

https://notcve.org/view.php?id=CVE-2022-27195

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. El Plugin Parameterized Trigger de Jenkins versiones 2.43 y anteriores, captura las variables de entorno pasadas a las construcciones desencadenadas mediante el plugin Parameterized Trigger de Jenkins, incluyendo los valores de los parámetros de la contraseña, en sus archivos "build.xml". Estos valores son almacenados sin cifrar y pueden ser visualizados por usuarios con acceso al sistema de archivos del controlador de Jenkins • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2185 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-25212

https://notcve.org/view.php?id=CVE-2022-25212

A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins SWAMP Plugin versiones 1.2.6 y anteriores, permite a atacantes conectarse a un servidor web especificado por el atacante usando credenciales especificadas por el atacante • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1988 • CWE-352: Cross-Site Request Forgery (CSRF) •