CVE-2022-34184
- EPSS 31.6%
- Veröffentlicht 23.06.2022 17:15:16
- Zuletzt bearbeitet 21.11.2024 07:09:01
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable b...
CVE-2019-10437
- EPSS 0.09%
- Veröffentlicht 16.10.2019 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:19:08
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing ...
CVE-2019-10438
- EPSS 0.05%
- Veröffentlicht 16.10.2019 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:19:08
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...
CVE-2019-10439
- EPSS 0.03%
- Veröffentlicht 16.10.2019 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:19:08
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.