CVE-2022-45383
- EPSS 0.75%
- Veröffentlicht 15.11.2022 20:15:11
- Zuletzt bearbeitet 30.04.2025 14:15:27
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall...
CVE-2022-25187
- EPSS 0.62%
- Veröffentlicht 15.02.2022 17:15:09
- Zuletzt bearbeitet 21.11.2024 06:51:46
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.
CVE-2021-21621
- EPSS 0.05%
- Veröffentlicht 24.02.2021 16:15:15
- Zuletzt bearbeitet 21.11.2024 05:48:42
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some con...
CVE-2019-16539
- EPSS 0.03%
- Veröffentlicht 21.11.2019 15:15:14
- Zuletzt bearbeitet 21.11.2024 04:30:47
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.
CVE-2019-16540
- EPSS 0.36%
- Veröffentlicht 21.11.2019 15:15:14
- Zuletzt bearbeitet 21.11.2024 04:30:47
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.