Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2019-10373: Jenkins Security Advisory 2019-08-07

A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

CVE
#xss#csrf#vulnerability#web#google#git#java#perl#ssrf#vmware#oauth#auth#zero_day#sap#ssl
CVE-2019-10382: Jenkins Security Advisory 2019-08-07

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.

CVE-2019-10381: Jenkins Security Advisory 2019-08-07

Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.

CVE-2019-10367: Jenkins Security Advisory 2019-08-07

Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.

CVE-2019-10371: Jenkins Security Advisory 2019-08-07

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

CVE-2019-10186: Invalid Bug ID

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.

CVE-2019-10343: Jenkins Security Advisory 2019-07-31

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.

CVE-2019-10365: Jenkins Security Advisory 2019-07-31

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.

CVE-2019-10360: Jenkins Security Advisory 2019-07-31

A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

CVE-2019-10359: Jenkins Security Advisory 2019-07-31

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.