Skip to content

TechMedia

Header Image

[org.jenkins-ci.plugins:ws-execution-manager] CSRF vulnerability and mM

  • Posted inMODERATE
  • Posted byWpmaster
  • 09/22/202212/12/2022

Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified c…

[org.jenkins-ci.plugins:rundeck] Missing webhook endpoint authorization in Jenkins Rundeck Plugin

  • Posted inMODERATE
  • Posted byWpmaster
  • 09/22/202212/09/2022

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.
References

https://nvd.nist.gov/…

[org.jenkins-ci.plugins:ws-execution-manager] CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials

  • Posted inMODERATE
  • Posted byWpmaster
  • 09/22/202212/07/2022

Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified c…

[com.groupon.jenkins-ci.plugins:DotCi] Stored XSS vulnerability in Jenkins DotCi Plugin

  • Posted inHIGH
  • Posted byWpmaster
  • 09/22/202212/07/2022

DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to s…

[com.groupon.jenkins-ci.plugins:DotCi] Lack of authentication mechanism in Jenkins DotCi Plugin webhook

  • Posted inMODERATE
  • Posted byWpmaster
  • 09/22/202212/07/2022

DotCi Plugin provides a webhook endpoint at /githook/ that can be used to trigger builds of the job for a GitHub repository.
In DotCi Plugin 2.40.00 and earlier, this endpoint can be accessed without authentication.
This allows unauthenticated attacker…

[org.jenkins-ci.plugins:walti] Stored XSS vulnerability in Jenkins Walti plugin

  • Posted inHIGH
  • Posted byWpmaster
  • 09/22/202212/07/2022

Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti.
References

ht…

[org.jenkins-ci.plugins:security-inspector] CSRF vulnerability in Jenkins Security Inspector plugin

  • Posted inMODERATE
  • Posted byWpmaster
  • 09/22/202212/07/2022

Security Inspector Plugin 117.v6eecc36919c2 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to replace the generated report stored in a…

[org.jenkins-ci.plugins:rundeck] Jenkins Rundeck Plugin Missing Authorization vulnerability

  • Posted inMODERATE
  • Posted byWpmaster
  • 09/22/202212/07/2022

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifact…

[org.jenkins-ci.plugins:build-publisher] Jenkins build-publisher plugin vulnerable to cross-site request forgery

  • Posted inHIGH
  • Posted byWpmaster
  • 09/22/202212/07/2022

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API end…

[io.jenkins.plugins:cavisson-ns-nd-integration] Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting

  • Posted inMODERATE
  • Posted byWpmaster
  • 09/22/202212/06/2022

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers…

Posts navigation

Previous Posts 1 … 81,058 81,059 81,060 81,061 81,062 … 81,135 Next Posts

Recent Posts

  • 大規模対戦ACT『Warlander』PS5/XSX版最新情報を公開―新コンテンツ追加やゲーム改善をリリースに向けて開発中
  • サウナブームが到来!!「ととのう」を提供するべく新サウナ施設や様々なサウナグッズが登場 (マイライフニュース)
  • 吉野家HDの24年2月期、営業益34%増 12年ぶり水準 (日本経済新聞)
  • 【フォト】大規模反攻、夏にずれ込む可能性 ウクライナ首相 (産経新聞)
  • 驚き!地球!グレートネイチャー「探検!未知なる海へ~北極海・ポリネシア~」[解][字]
An error has occurred, which probably means the feed is down. Try again later.
RSS Error: A feed could not be found at `https://nordot.app/-/feed/posts/rss?source_id=646357622673671265&curation_url=true`; the status code is `404` and content-type is `text/html; charset=UTF-8`
  • News
  • Twitter
  • Twilog
  • Scrapbox
  • Twitter log
  • Apple News
  • Mastodon log
  • coron news&archives
  • SNSNews
  • TechnoPlanet
  • iTech
  • ComputerJournal
  • Underground News
  • Last.fm
  • はてなブックマーク
  • Tumblr
  • ツイフィール
  • ウェブサイト利用規約
  • Google提供広告の広告設定
  • 他の広告のオプトアウト
  • Valuecommerce配信広告のオプトアウト
  • Zuck配信広告のオプトアウト
  • i-mobile配信広告のオプトアウト
  • Amazon.co.jpパーソナライズド広告の設定

What’s TechMedia

TechMediaはオープンRSS情報サイトです。世界中のウェブサイトから情報を収集し、検索のヒントになる情報を掲載しています。登録RSSの追加依頼はこちらから

TechMedia
WordPress theme by componentz

Archives

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Hit enter to search or ESC to close