Page 132 of 1626 results (0.015 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-23113

https://notcve.org/view.php?id=CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files. El plugin Jenkins Publish Over SSH versiones 1.22 y anteriores, lleva a cabo una comprobación del nombre del archivo especificando si está presente o no, resultando en una vulnerabilidad de salto de ruta que permite a atacantes con permiso Item/Configure detectar el nombre de los archivos del controlador Jenkins • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-23112

https://notcve.org/view.php?id=CVE-2022-23112

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. Una falta de comprobación de permisos en Jenkins Publish Over SSH Plugin versiones 1.22 y anteriores, permite a atacantes con acceso Overall/Read conectarse a un servidor SSH especificado por el atacante usando credenciales especificadas por el atacante • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290 • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-23111

https://notcve.org/view.php?id=CVE-2022-23111

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Publish Over SSH Plugin versiones 1.22 y anteriores, permite a atacantes conectarse a un servidor SSH especificado por el atacante usando credenciales especificadas por el atacante • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-23110

https://notcve.org/view.php?id=CVE-2022-23110

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. El plugin Jenkins Publish Over SSH versiones 1.22 y anteriores, no escapan el nombre del servidor SSH, lo que resulta en una vulnerabilidad de tipo cross-site scripting (XSS) almacenada explotable por atacantes con permiso Overall/Administer • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-23109

https://notcve.org/view.php?id=CVE-2022-23109

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed. El plugin Jenkins HashiCorp Vault versiones 3.7.0 y anteriores, no enmascara las credenciales de Vault en los registros de construcción de Pipeline o en las descripciones de los pasos de Pipeline cuando Pipeline: Groovy Plugin versión 2.85 o posterior es instalado • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2213 • CWE-522: Insufficiently Protected Credentials •