CVE-2022-28152
https://notcve.org/view.php?id=CVE-2022-28152
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. • http://www.openwall.com/lists/oss-security/2022/03/29/1 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%282%29 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-28151
https://notcve.org/view.php?id=CVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. • http://www.openwall.com/lists/oss-security/2022/03/29/1 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%281%29 • CWE-862: Missing Authorization
CVE-2022-28150
https://notcve.org/view.php?id=CVE-2022-28150
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. • http://www.openwall.com/lists/oss-security/2022/03/29/1 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%281%29 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-28149
https://notcve.org/view.php?id=CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • http://www.openwall.com/lists/oss-security/2022/03/29/1 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1000107
https://notcve.org/view.php?id=CVE-2018-1000107
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allows an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata. • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-498 • CWE-863: Incorrect Authorization