6 results (0.014 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. Vulnerabilidad de cross-site request forgery (CSRF) en Jenkins Deployment Dashboard Plugin 1.0.10 y versiones anteriores permite a los atacantes copiar trabajos. • http://www.openwall.com/lists/oss-security/2023/12/13/4 https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3092 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. Jenkins Deployment Dashboard Plugin versiones 1.0.10 y anteriores, almacena una contraseña sin cifrar en su archivo de configuración global en el controlador Jenkins donde puede ser visualizada por usuarios con acceso al sistema de archivos del controlador Jenkins • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2070 • CWE-522: Insufficiently Protected Credentials •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. Jenkins Deployment Dashboard Plugin versiones 1.0.10 y anteriores, no lleva a cabo una comprobación de permisos en varios endpoints HTTP, lo que permite a atacantes con permiso Overall/Read conectarse a una URL HTTP especificada por el atacante usando credenciales especificadas por el atacante • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%282%29 • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Deployment Dashboard Plugin versiones 1.0.10 y anteriores, permite a atacantes conectarse a una URL HTTP especificada por el atacante usando credenciales especificadas por el atacante • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%282%29 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una falta de comprobación de permisos en Jenkins Deployment Dashboard Plugin versiones 1.0.10 y anteriores, permite a atacantes con permiso Overall/Read enumerar los IDs de las credenciales almacenadas en Jenkins • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%281%29 • CWE-862: Missing Authorization •