3 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3013 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. Jenkins Lucene-Search Plugin versiones 370.v62a5f618cd3a y anteriores, no escapa del parámetro de consulta de búsqueda que es mostrado en la página de resultados de "search", resultando en una vulnerabilidad de tipo cross-site scripting (XSS) reflejado • http://www.openwall.com/lists/oss-security/2022/07/27/1 https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. Jenkins Lucene-Search Plugin versiones 370.v62a5f618cd3a y anteriores, no lleva a cabo una comprobación de permisos en varios endpoints HTTP, permitiendo a atacantes con permiso Overall/Read reindexar la base de datos y obtener información sobre trabajos que de otro modo serían inaccesibles para ellos • http://www.openwall.com/lists/oss-security/2022/07/27/1 https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048 • CWE-862: Missing Authorization •