CVE-2023-3315
- EPSS 0.18%
- Published 19.06.2023 21:15:42
- Last modified 11.12.2024 17:15:13
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2019-16567
- EPSS 0.03%
- Published 17.12.2019 15:15:21
- Last modified 21.11.2024 04:30:50
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-16565
- EPSS 0.1%
- Published 17.12.2019 15:15:20
- Last modified 21.11.2024 04:30:50
A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials store...
CVE-2019-16566
- EPSS 0.05%
- Published 17.12.2019 15:15:20
- Last modified 21.11.2024 04:30:50
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing cred...