• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-862

CVE-2019-10341

February 26, 2023 by

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2019-10342

February 26, 2023 by

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various ‘fillCredentialsIdItems’ methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CVE-2019-10344

February 26, 2023 by

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins.

CVE-2019-10354

February 26, 2023 by

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

CVE-2019-10357

February 26, 2023 by

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.

CVE-2019-10290

February 26, 2023 by

A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 84
  • Go to page 85
  • Go to page 86
  • Go to page 87
  • Go to page 88
  • Interim pages omitted …
  • Go to page 211
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE