Maven package
org.jenkinsci.plugins/octoperf
pkg:maven/org.jenkinsci.plugins/octoperf
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28675 | — | < 4.5.3 | 4.5.3 | Mar 23, 2023 | A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | ||
| CVE-2023-28674 | — | < 4.5.3 | 4.5.3 | Mar 23, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | ||
| CVE-2023-28673 | — | < 4.5.3 | 4.5.3 | Mar 23, 2023 | A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||
| CVE-2023-28672 | — | < 4.5.2 | 4.5.2 | Mar 23, 2023 | Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through | ||
| CVE-2023-28671 | — | < 4.5.1 | 4.5.1 | Mar 23, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Je |
- CVE-2023-28675Mar 23, 2023affected < 4.5.3fixed 4.5.3
A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.
- CVE-2023-28674Mar 23, 2023affected < 4.5.3fixed 4.5.3
A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.
- CVE-2023-28673Mar 23, 2023affected < 4.5.3fixed 4.5.3
A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2023-28672Mar 23, 2023affected < 4.5.2fixed 4.5.2
Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through
- CVE-2023-28671Mar 23, 2023affected < 4.5.1fixed 4.5.1
A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Je