CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1003047
https://notcve.org/view.php?id=CVE-2019-1003047
28 Mar 2019 — A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. La falta de una comprobación de permisos en Jenkins Fortify en el plugin "Demand Uploader", en versiones 3.0.10 y anteriores, permite a los atacantes con permisos "Overall/Read" iniciar una conexión a un servidor especificado por el atacante. • http://www.openwall.com/lists/oss-security/2019/03/28/2 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000607
https://notcve.org/view.php?id=CVE-2018-1000607
26 Jun 2018 — A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as. Existe una vulnerabilidad de escritura de archivos arbitrarios en el plugin de Jenkins Fortify CloudScan en versiones 1.5.1 y anteriores en ArchiveUtil.java que permite a los atacantes c... • https://jenkins.io/security/advisory/2018-06-25/#SECURITY-870 • CWE-20: Improper Input Validation •