Vulnerabilities > Jenkins > Worksoft Execution Manager

DATE CVE VULNERABILITY TITLE RISK
2022-09-21 CVE-2022-41245 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager
A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
2022-09-21 CVE-2022-41246 Missing Authorization vulnerability in Jenkins Worksoft Execution Manager
A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5