» 2022 » 7월

CVE-2022-33943

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-33943

Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla’s BxSlider WP plugin <= 2.0.0 at WordPress.

Source: CVE-2022-33943

CVE-2022-36922

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-36922

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the ‘search’ result page, resulting in a reflected cross-site scripting (XSS) vulnerability.

Source: CVE-2022-36922

CVE-2022-36921

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-36921

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Source: CVE-2022-36921

CVE-2022-36920

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-36920

A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Source: CVE-2022-36920

CVE-2022-36919

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-36919

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Source: CVE-2022-36919

CVE-2022-36918

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-36918

Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Source: CVE-2022-36918

CVE-2022-36917

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-36917

A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup.

Source: CVE-2022-36917

CVE-2022-36916

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-36916

A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup.

Source: CVE-2022-36916

CVE-2022-36915

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-36915

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

Source: CVE-2022-36915

CVE-2022-36914

Posted on 2022년 7월 28일2022년 7월 28일 by admin

CVE-2022-36914

Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Source: CVE-2022-36914