CVE-2015-5298
https://notcve.org/view.php?id=CVE-2015-5298
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification. • http://exfiltrated.com/research-CVE-2015-5298.php • https://www.jenkins.io/security/advisory/2015-10-12 • CWE-287: Improper Authentication
CVE-2022-34818
https://notcve.org/view.php?id=CVE-2022-34818
Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2061 • CWE-862: Missing Authorization
CVE-2022-34817
https://notcve.org/view.php?id=CVE-2022-34817
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2061 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-34816
https://notcve.org/view.php?id=CVE-2022-34816
Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2080 • CWE-522: Insufficiently Protected Credentials
CVE-2022-34815
https://notcve.org/view.php?id=CVE-2022-34815
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2657 • CWE-352: Cross-Site Request Forgery (CSRF)