Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-09-21 | CVE-2022-41228 | Missing Authorization vulnerability in Jenkins Ns-Nd Integration Performance Publisher 4.8.0.129/4.8.0.77 | A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. | 8.8 |
2022-09-21 | CVE-2022-41230 | Missing Authorization vulnerability in Jenkins Build-Publisher | Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers. | 4.3 |
2022-09-21 | CVE-2022-41233 | Missing Authorization vulnerability in Jenkins Rundeck | Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled. | 4.3 |
2022-09-21 | CVE-2022-41234 | Missing Authorization vulnerability in Jenkins Rundeck | Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck. | 8.8 |
2022-09-21 | CVE-2022-41238 | Missing Authorization vulnerability in Jenkins Dotci | A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. | 9.8 |
2022-09-21 | CVE-2022-41242 | Missing Authorization vulnerability in Jenkins Extreme-Feedback | A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. | 5.4 |
2022-09-21 | CVE-2022-41246 | Missing Authorization vulnerability in Jenkins Worksoft Execution Manager | A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2022-09-21 | CVE-2022-41250 | Missing Authorization vulnerability in Jenkins SCM Httpclient | A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2022-09-21 | CVE-2022-41251 | Missing Authorization vulnerability in Jenkins Apprenda | A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2022-09-21 | CVE-2022-41252 | Missing Authorization vulnerability in Jenkins Cons3Rt 1.0.0 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |