|
197341
|
7.1 |
HIGH
Network
|
jenkins
|
p4
|
A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and pa…
|
CWE-352
Origin Validation Error
|
CVE-2021-21655
|
2024-11-21 14:48 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197342
|
4.3 |
MEDIUM
Network
|
jenkins
|
p4
|
Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server…
|
-
|
CVE-2021-21654
|
2024-11-21 14:48 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197343
|
4.3 |
MEDIUM
Network
|
jenkins
|
xray_-_test_management_for_jira
|
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credent…
|
-
|
CVE-2021-21653
|
2024-11-21 14:48 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197344
|
7.1 |
HIGH
Network
|
jenkins
|
xray_-_test_management_for_jira
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified…
|
CWE-352
Origin Validation Error
|
CVE-2021-21652
|
2024-11-21 14:48 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197345
|
4.3 |
MEDIUM
Network
|
jenkins
|
s3_publisher
|
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.
|
-
|
CVE-2021-21651
|
2024-11-21 14:48 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197346
|
4.3 |
MEDIUM
Network
|
jenkins
|
s3_publisher
|
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain inform…
|
-
|
CVE-2021-21650
|
2024-11-21 14:48 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197347
|
5.4 |
MEDIUM
Network
|
jenkins
|
dashboard_view
|
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wit…
|
CWE-79
Cross-site Scripting
|
CVE-2021-21649
|
2024-11-21 14:48 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197348
|
6.1 |
MEDIUM
Network
|
jenkins
|
credentials
|
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2021-21648
|
2024-11-21 14:48 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197349
|
5.5 |
MEDIUM
Local
|
openapi-generator
|
openapi_generator
|
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK wil…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-21430
|
2024-11-21 14:48 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197350
|
7.0 |
HIGH
Local
|
openapi-generator
|
openapi_generator
|
Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-21428
|
2024-11-21 14:48 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
