
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2020 — A missing permission check in form-related methods of Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-276: Incorrect Default Permissions

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2020 — A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2020 — A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-276: Incorrect Default Permissions