Total
5262 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38183 | 1 Gitea | 1 Gitea | 2024-11-21 | 6.5 Medium |
| In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. | ||||
| CVE-2022-36921 | 1 Jenkins | 1 Coverity | 2024-11-21 | 8.1 High |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-36919 | 1 Jenkins | 1 Coverity | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36918 | 1 Jenkins | 1 Buckminster | 2024-11-21 | 4.3 Medium |
| Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-36917 | 1 Jenkins | 1 Google Cloud Backup | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. | ||||
| CVE-2022-36915 | 1 Jenkins | 1 Android Signing | 2024-11-21 | 4.3 Medium |
| Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | ||||
| CVE-2022-36914 | 1 Jenkins | 1 Files Found Trigger | 2024-11-21 | 4.3 Medium |
| Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-36913 | 1 Jenkins | 1 Openstack Heat | 2024-11-21 | 4.3 Medium |
| Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-36910 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | 5.4 Medium |
| Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. | ||||
| CVE-2022-36909 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | ||||
| CVE-2022-36907 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | ||||
| CVE-2022-36904 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 4.3 Medium |
| Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-36903 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36898 | 1 Jenkins | 1 Compuware Ispw Operations | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36897 | 1 Jenkins | 1 Compuware Xpediter Code Coverage | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36896 | 1 Jenkins | 1 Compuware Source Code Download For Endevor\, Pds\, And Ispw | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36895 | 1 Jenkins | 1 Compuware Topaz Utilities | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36893 | 1 Jenkins | 1 Rpmsign-plugin | 2024-11-21 | 4.3 Medium |
| Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | ||||
| CVE-2022-36892 | 1 Jenkins | 1 Rhnpush-plugin | 2024-11-21 | 4.3 Medium |
| Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | ||||
| CVE-2022-36891 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. | ||||