Page 2 of 8 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Una falta de comprobación de permisos en Jenkins NS-ND Integration Performance Publisher Plugin versiones 4.8.0.129 y anteriores, permite a atacantes con permisos Overall/Read conectarse a un servidor web especificado por el atacante usando credenciales especificadas por el atacante • https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2737 • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Una vulnerabilidad de falsificación de tipo cross-site request forgery (CSRF) en Jenkins NS-ND Integration Performance Publisher Plugin versiones 4.8.0.129 y anteriores, permite a atacantes conectarse a un servidor web especificado por el atacante usando credenciales especificadas por el mismo • https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2737 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins NS-ND Integration Performance Publisher Plugin versiones 4.8.0.77 y anteriores, no escapan el nombre de los parámetros NetStorm Test en las visualizaciones que muestran parámetros, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado que puede ser explotada por atacantes con permiso Item/Configure • https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •