GHSA-788m-27g4-cf86: Cross site scripting in Silverpeas Core

GHSA-wh3h-j8wp-6p42: CSRF vulnerability in Jenkins Azure Service Fabric Plugin 

GHSA-969g-rq57-c79h: Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin

GHSA-gp8p-49gr-jv8j: Missing permission checks in Jenkins Azure Service Fabric Plugin 

GHSA-qjw6-xvrm-5f2h: Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL

The Jenkins Azure Service Fabric Plugin 1.6 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.


**Missing permission checks in Jenkins Azure Service Fabric Plugin**

Moderate severity GitHub Reviewed Published Jan 22, 2025 to the GitHub Advisory Database • Updated Jan 22, 2025

Headline

GHSA-gp8p-49gr-jv8j: Missing permission checks in Jenkins Azure Service Fabric Plugin

ghsa: Latest News