3 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-10310

https://notcve.org/view.php?id=CVE-2019-10310

30 Apr 2019 — A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins Una vulnerabilidad de tipo cross-site request forgery en Jenkins Ansible Tower Plugin versión 0.9.1 y anteriores en el método de comprobac... • http://www.openwall.com/lists/oss-security/2019/04/30/5 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-10311

https://notcve.org/view.php?id=CVE-2019-10311

30 Apr 2019 — A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Una falta de comprobación de permiso en Jenkins Ansible Tower plugin versión 0.9.1 y versiones anteriores en el método de comprobación ... • http://www.openwall.com/lists/oss-security/2019/04/30/5 • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-10312

https://notcve.org/view.php?id=CVE-2019-10312

30 Apr 2019 — A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Una falta de comprobación de permisos en Jenkins Ansible Tower Plugin versión 0.9.1 y anteriores, en el método TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems permitió a los atacantes con permiso Overall/Read... • http://www.openwall.com/lists/oss-security/2019/04/30/5 • CWE-862: Missing Authorization •