Jenkins

Job And Node Ownership

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2022-28149

  • EPSS 31.6%
  • Veröffentlicht 29.03.2022 13:15:09
  • Zuletzt bearbeitet 21.11.2024 06:56:50

Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

8.8

CVE-2022-28150

  • EPSS 0.05%
  • Veröffentlicht 29.03.2022 13:15:09
  • Zuletzt bearbeitet 21.11.2024 06:56:51

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.

4.3

CVE-2022-28151

  • EPSS 0.36%
  • Veröffentlicht 29.03.2022 13:15:09
  • Zuletzt bearbeitet 21.11.2024 06:56:51

A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.

4.3

CVE-2022-28152

  • EPSS 0.06%
  • Veröffentlicht 29.03.2022 13:15:09
  • Zuletzt bearbeitet 21.11.2024 06:56:51

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.

6.5

CVE-2018-1000107

  • EPSS 0.02%
  • Veröffentlicht 13.03.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:39

An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Config...