CVE-2022-36904
https://notcve.org/view.php?id=CVE-2022-36904
Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
References: http://www.openwall.com/lists/oss-security/2022/07/27/1 ; https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%282%29
Weakness: CWE-862: Missing Authorization
CVE-2022-36903
https://notcve.org/view.php?id=CVE-2022-36903
A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate the credential IDs of credentials stored in Jenkins.
References: http://www.openwall.com/lists/oss-security/2022/07/27/1 ; https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%281%29
Weakness: CWE-862: Missing Authorization
CVE-2022-36902
https://notcve.org/view.php?id=CVE-2022-36902
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
References: http://www.openwall.com/lists/oss-security/2022/07/27/1 ; https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2682
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-36901
https://notcve.org/view.php?id=CVE-2022-36901
Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller, where they can be viewed by users with access to the Jenkins controller file system.
References: http://www.openwall.com/lists/oss-security/2022/07/27/1 ; https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2053
Weakness: CWE-522: Insufficiently Protected Credentials
CVE-2022-36900
https://notcve.org/view.php?id=CVE-2022-36900
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.
References: http://www.openwall.com/lists/oss-security/2022/07/27/1 ; https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2630