5 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission. Una verificación de permisos incorrecta en Jenkins Support Core Plugin 1206.v14049fa_b_d860 y versiones anteriores permite a atacantes con permiso Support/DownloadBundle descargar un paquete de soporte creado previamente que contiene información limitada a usuarios con permiso General/Administrador. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2804 • CWE-863: Incorrect Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Jenkins Support Core Plugin versiones 2.79 y anteriores, no redacta determinada información confidencial en el paquete de soporte • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2186 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations. Jenkins Support Core Plugin versiones 2.72 y anteriores, proporcionan la autenticación de usuario serializada como parte de la información "About user (basic authentication details only)", que puede incluir el ID de sesión del usuario creando el paquete de soporte en algunas configuraciones • https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles. Una falta de comprobación de permisos en Jenkins Support Core Plugin versión 2.63 y anteriores, permite a atacantes con permiso General y de Lectura eliminar paquetes de soporte. • http://www.openwall.com/lists/oss-security/2019/11/21/1 https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1634 • CWE-281: Improper Preservation of Permissions •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. Una vulnerabilidad de salto de ruta en Jenkins Support Core Plugin versión 2.63 y anteriores, permite a atacantes con permiso General y de Lectura eliminar archivos arbitrarios en el maestro de Jenkins. • http://www.openwall.com/lists/oss-security/2019/11/21/1 https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1634 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •