Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2020-2322: Jenkins Security Advisory 2020-12-03

Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.

CVE
#csrf#vulnerability#git#ssrf#docker#ssl
CVE-2020-2316: Jenkins Security Advisory 2020-11-04

Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2020-2303: Jenkins Security Advisory 2020-11-04

A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.

CVE-2020-2317: Jenkins Security Advisory 2020-11-04

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.

CVE-2020-28033: WordPress 5.5.2 Security and Maintenance Release

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.

CVE-2020-12501: VDE-2020-040 | CERT@VDE

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

CVE-2020-2296: Jenkins Security Advisory 2020-10-08

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.