In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-06 | Updated: 2024-03-06
In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-06 | Updated: 2024-03-06
Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-06 | Updated: 2024-03-06
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-06 | Updated: 2024-03-06
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-06 | Updated: 2024-03-06
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-06 | Updated: 2024-03-06
Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-06 | Updated: 2024-03-06
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-22 | Updated: 2024-03-22
8 vulnerabilities found