Security
Headlines
HeadlinesLatestCVEs

Tag

#ssrf

CVE-2022-34780: Jenkins Security Advisory 2022-06-30

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE
Open in Source
#xss#csrf#vulnerability#web#cisco#git#java#xpath#ssrf#auth
CVE-2022-34796: Jenkins Security Advisory 2022-06-30

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-34814: Jenkins Security Advisory 2022-06-30

Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests.

CVE-2022-34808: Jenkins Security Advisory 2022-06-30

Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

CVE-2022-34785: Jenkins Security Advisory 2022-06-30

Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.

CVE-2022-34797: Jenkins Security Advisory 2022-06-30

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.

CVE-2022-34800: Jenkins Security Advisory 2022-06-30

Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

CVE-2022-26135: [JRASERVER-73863] Full Read SSRF in Mobile Plugin CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.

GHSA-pf6p-25r2-fx45: Server-Side Request Forgery in dompdf/dompdf

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

CVE-2022-0085: Add a default context · dompdf/dompdf@bb1ef65

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.