
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2023 — A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%282%29 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2023 — A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%282%29 • CWE-862: Missing Authorization

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2023 — A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%281%29 • CWE-862: Missing Authorization

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jun 2018 — An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • https://jenkins.io/security/advisory/2018-06-04/#SECURITY-805 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Apr 2018 — An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-261 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Apr 2018 — An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor