CVE-2025-47886
- EPSS 0.03%
- Veröffentlicht 14.05.2025 20:35:56
- Zuletzt bearbeitet 12.06.2025 13:36:47
A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
CVE-2025-47887
- EPSS 0.03%
- Veröffentlicht 14.05.2025 20:35:56
- Zuletzt bearbeitet 12.06.2025 13:33:00
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
CVE-2025-31724
- EPSS 0.13%
- Veröffentlicht 02.04.2025 15:15:59
- Zuletzt bearbeitet 17.04.2025 14:50:40
Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Je...
CVE-2020-2243
- EPSS 0.23%
- Veröffentlicht 01.09.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:25:04
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
CVE-2019-10446
- EPSS 0.05%
- Veröffentlicht 16.10.2019 14:15:12
- Zuletzt bearbeitet 21.11.2024 04:19:09
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.