| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. |
| A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. |
| A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. |
| A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. |
| A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. |
| Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. |
| A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. |
| A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. |
| A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. |
| An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. |
| Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. |
| Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. |
| The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. |
