Vulnerabilities > Jenkins > Netsparker Cloud Scan > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-04 | CVE-2019-10290 | Missing Authorization vulnerability in Jenkins Netsparker Cloud Scan: A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the `NCScanBuilder.DescriptorImpl#doValidateAPI` form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-10289 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Netsparker Cloud Scan: A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the `NCScanBuilder.DescriptorImpl#doValidateAPI` form validation method allowed attackers to initiate a connection to an attacker-specified server. | 6.5 |