
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2020 — A missing permission check in form-related methods of Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allowed users with Overall/Read access to enumerate the IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-276: Incorrect Default Permissions

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2020 — A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to make Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2020 — A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to make Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-276: Incorrect Default Permissions

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Apr 2019 — Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the OAuth state parameter to prevent CSRF, so an attacker could make a victim complete an authorization flow the attacker started. • http://www.openwall.com/lists/oss-security/2019/04/30/5 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Feb 2019 — An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly: the configured client secret is rendered into the form, so attackers who can view a Jenkins administrator's web browser output, or who control that browser (e.g. via a malicious extension), can retrieve it. • https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Feb 2019 — A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session, because the session ID is kept across login. • https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797 • CWE-384: Session Fixation
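The two GitHub Authentication Plugin entries just above are both defects in the login flow itself: without an OAuth state value bound to the browser session, a victim can be made to finish an authorization the attacker began (CSRF on the callback), and reusing the pre-authentication session ID after a successful login lets whoever planted that ID inherit the account (session fixation). The servlet-level sketch below is an added example for this page, not code from the plugin or from the Jenkins project; the class name, the callback URL, the session attribute names and the use of a Servlet 3.1 container (for `changeSessionId()`) are assumptions, and the code-to-login exchange is injected so the class runs without network access.

```java
// Added example, not the plugin's code. Shows the two checks together:
// (1) a per-session, single-use OAuth state verified on the callback, and
// (2) a fresh session ID issued before the login is recorded.
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.function.Function;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class OAuthLoginFlow { // hypothetical class
    private static final String STATE_ATTR = "oauth.state";   // assumed attribute name
    private static final String USER_ATTR = "oauth.user";     // assumed attribute name
    private static final SecureRandom RNG = new SecureRandom();

    private final String clientId;
    private final String callbackUrl; // assumed, e.g. https://jenkins.example/securityRealm/finishLogin
    // Exchanges the authorization code for a token and resolves the GitHub login;
    // injected so the network step is outside this class.
    private final Function<String, String> exchangeCodeForLogin;

    public OAuthLoginFlow(String clientId, String callbackUrl,
                          Function<String, String> exchangeCodeForLogin) {
        this.clientId = clientId;
        this.callbackUrl = callbackUrl;
        this.exchangeCodeForLogin = exchangeCodeForLogin;
    }

    // Step 1: mint 256 bits of random state, bind it to the caller's (pre-auth)
    // session, and send the browser to GitHub carrying that state.
    public String beginLogin(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        req.getSession(true).setAttribute(STATE_ATTR, state);
        rsp.sendRedirect("https://github.com/login/oauth/authorize"
            + "?client_id=" + enc(clientId)
            + "&redirect_uri=" + enc(callbackUrl)
            + "&scope=read:user"
            + "&state=" + enc(state));
        return state;
    }

    // Step 2: the callback. Refuse unless the state GitHub echoed back equals the
    // one bound to THIS session (constant-time compare, consumed on first use);
    // only then exchange the code, rotate the session ID, and record the login.
    public boolean finishLogin(HttpServletRequest req, String code, String returnedState) {
        HttpSession session = req.getSession(false);
        if (session == null || code == null || returnedState == null) {
            return false;
        }
        Object expected = session.getAttribute(STATE_ATTR);
        session.removeAttribute(STATE_ATTR); // single use, even on failure
        if (!(expected instanceof String) || !MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                returnedState.getBytes(StandardCharsets.UTF_8))) {
            return false; // attacker-initiated flow, or stale/replayed callback
        }
        String login = exchangeCodeForLogin.apply(code);
        if (login == null) {
            return false;
        }
        // Servlet 3.1: new session ID, same attributes. A session ID an attacker
        // fixated before authentication no longer refers to the logged-in session.
        req.changeSessionId();
        req.getSession().setAttribute(USER_ATTR, login);
        return true;
    }

    private static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }
}
```

The order inside `finishLogin` is the point: the state is checked before the code is exchanged, so a forged callback never costs a token request, and the session ID is rotated after the exchange succeeds but before any user identity is attached to the session.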

CVSS: 8.8 • EPSS: 94% • CPEs: 1 • EXPL: 0

26 Jun 2018 — An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to make Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jun 2018 — An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to make Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • https://jenkins.io/security/advisory/2018-06-04/#SECURITY-804 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jun 2018 — A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to an attacker-specified URL. • https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jun 2018 — A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to an attacker-specified URL. • https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806 • CWE-918: Server-Side Request Forgery (SSRF)
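Seven of the entries on this page (the Pipeline GitHub Notify Step Plugin trio from February 2020 and the GitHub Plugin and GitHub Branch Source Plugin entries from June 2018) are instances of one Jenkins pattern: a Stapler form method (`doFill...Items`, `doTestConnection`, `doValidate...`) that is reachable by GET from any Overall/Read user and runs without a permission check. The fill method leaks credentials IDs; the test method, handed a caller-chosen URL and a caller-chosen credentials ID, makes Jenkins authenticate to the attacker's server with a stored secret, and with no credentials ID at all it is still an SSRF primitive. The class below is an added example written for this page, not the code of any plugin listed here or of the Jenkins project; the class, field and method names are hypothetical, and it uses the Jenkins core, Stapler and Credentials Plugin APIs as they were documented in that period (`ACL.SYSTEM`, `lookupCredentials`). Each method is shown in the weak form the advisories describe and in the hardened form.

```java
// Added example, not any listed plugin's code: a hypothetical global-config
// descriptor with the form methods these advisories describe, weak and hardened.
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import hudson.Extension;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
public class ExampleServerConfig extends GlobalConfiguration { // hypothetical name

    // WEAK (the CWE-276 entries): GET-reachable by any Overall/Read user at
    // /descriptorByName/ExampleServerConfig/fillCredentialsIdItemsWeak, so it
    // lists every matching credentials ID stored in Jenkins.
    public ListBoxModel doFillCredentialsIdItemsWeak(@QueryParameter String serverUrl) {
        return new StandardListBoxModel().includeEmptyValue()
            .includeMatchingAs(ACL.SYSTEM, (Item) null, StandardUsernamePasswordCredentials.class,
                requirements(serverUrl), CredentialsMatchers.always());
    }

    // HARDENED: a caller who could not save this form gets back only the value
    // already selected (so the form still renders), never the list.
    public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item,
            @QueryParameter String serverUrl, @QueryParameter String credentialsId) {
        StandardListBoxModel result = new StandardListBoxModel();
        if (item == null) {
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return result.includeCurrentValue(credentialsId);
            }
        } else if (!item.hasPermission(Item.CONFIGURE)
                && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
            return result.includeCurrentValue(credentialsId);
        }
        return result.includeEmptyValue()
            .includeMatchingAs(ACL.SYSTEM, item, StandardUsernamePasswordCredentials.class,
                requirements(serverUrl), CredentialsMatchers.always())
            .includeCurrentValue(credentialsId);
    }

    // WEAK (the CWE-918 / CWE-352 / CWE-200 entries): accepts GET, checks nothing.
    // With no credentials ID it is an SSRF primitive; with an ID learned from the
    // weak doFill above, a reader, or a cross-site page since POST is not required,
    // makes Jenkins send the stored username and password to serverUrl.
    public FormValidation doTestConnectionWeak(@QueryParameter String serverUrl,
            @QueryParameter String credentialsId) {
        return connect(null, serverUrl, credentialsId);
    }

    // HARDENED: POST only (Jenkins enforces its CSRF crumb on POST) and the
    // caller must already hold the permission needed to save this configuration.
    @RequirePOST
    public FormValidation doTestConnection(@AncestorInPath Item item,
            @QueryParameter String serverUrl, @QueryParameter String credentialsId) {
        if (item == null) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        } else {
            item.checkPermission(Item.CONFIGURE);
        }
        return connect(item, serverUrl, credentialsId);
    }

    private static List<DomainRequirement> requirements(String serverUrl) {
        return URIRequirementBuilder.fromUri(serverUrl).build();
    }

    // Resolves the credentials ID and authenticates to serverUrl with HTTP Basic:
    // this is the step that hands the secret to whoever controls both inputs.
    private FormValidation connect(Item item, String serverUrl, String credentialsId) {
        StandardUsernamePasswordCredentials c = CredentialsMatchers.firstOrNull(
            CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class,
                item, ACL.SYSTEM, requirements(serverUrl)),
            CredentialsMatchers.withId(credentialsId));
        if (c == null) {
            return FormValidation.error("No credentials with ID " + credentialsId);
        }
        try {
            HttpURLConnection conn = (HttpURLConnection) new URL(serverUrl).openConnection();
            String basic = Base64.getEncoder().encodeToString(
                (c.getUsername() + ":" + c.getPassword().getPlainText())
                    .getBytes(StandardCharsets.UTF_8));
            conn.setRequestProperty("Authorization", "Basic " + basic);
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            int status = conn.getResponseCode();
            return status < 400 ? FormValidation.ok("Connected as " + c.getUsername())
                                : FormValidation.error("HTTP " + status + " from " + serverUrl);
        } catch (IOException e) {
            return FormValidation.error(e, "Connection failed");
        }
    }
}
```

A real descriptor would of course carry only the hardened pair. Note the asymmetry between the two: the fill method uses `hasPermission` and degrades to `includeCurrentValue`, because throwing from it would break the configuration page for legitimate viewers, whereas the test method uses `checkPermission` and `@RequirePOST`, because it performs an outbound request with a stored secret and must refuse outright.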