CVE-2023-50775
- EPSS 0.05%
- Published 13.12.2023 18:15:44
- Last modified 21.11.2024 08:37:17
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.
CVE-2022-34797
- EPSS 0.11%
- Published 30.06.2022 18:15:13
- Last modified 21.11.2024 07:10:12
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.
CVE-2022-34798
- EPSS 0.78%
- Published 30.06.2022 18:15:13
- Last modified 21.11.2024 07:10:12
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
CVE-2022-34799
- EPSS 0.62%
- Published 30.06.2022 18:15:13
- Last modified 21.11.2024 07:10:12
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34795
- EPSS 14.25%
- Published 30.06.2022 18:15:12
- Last modified 21.11.2024 07:10:12
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
CVE-2022-34796
- EPSS 0.97%
- Published 30.06.2022 18:15:12
- Last modified 21.11.2024 07:10:12
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.