
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2070 • CWE-522: Insufficiently Protected Credentials

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%282%29 • CWE-862: Missing Authorization

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%282%29 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%281%29 • CWE-862: Missing Authorization

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2799 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')