Search Results (9579 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38183 | 1 Gitea | 1 Gitea | 2024-11-21 | 6.5 Medium |
| In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. | ||||
| CVE-2022-37767 | 1 Pebbletemplates | 1 Pebble Templates | 2024-11-21 | 9.8 Critical |
| Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from an untrusted source, or else the application using the engine should apply restrictions to the input. The engine is not responsible for validating the input. | ||||
| CVE-2022-36921 | 1 Jenkins | 1 Coverity | 2024-11-21 | 8.1 High |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-36919 | 1 Jenkins | 1 Coverity | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36918 | 1 Jenkins | 1 Buckminster | 2024-11-21 | 4.3 Medium |
| Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-36917 | 1 Jenkins | 1 Google Cloud Backup | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. | ||||
| CVE-2022-36915 | 1 Jenkins | 1 Android Signing | 2024-11-21 | 4.3 Medium |
| Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | ||||
| CVE-2022-36914 | 1 Jenkins | 1 Files Found Trigger | 2024-11-21 | 4.3 Medium |
| Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-36913 | 1 Jenkins | 1 Openstack Heat | 2024-11-21 | 4.3 Medium |
| Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-36910 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | 5.4 Medium |
| Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. | ||||
| CVE-2022-36909 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | ||||
| CVE-2022-36907 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | ||||
| CVE-2022-36904 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 4.3 Medium |
| Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-36903 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36898 | 1 Jenkins | 1 Compuware Ispw Operations | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36897 | 1 Jenkins | 1 Compuware Xpediter Code Coverage | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36896 | 1 Jenkins | 1 Compuware Source Code Download For Endevor, Pds, And Ispw | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36895 | 1 Jenkins | 1 Compuware Topaz Utilities | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-36893 | 1 Jenkins | 1 Rpmsign-plugin | 2024-11-21 | 4.3 Medium |
| Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | ||||
| CVE-2022-36892 | 1 Jenkins | 1 Rhnpush-plugin | 2024-11-21 | 4.3 Medium |
| Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | ||||