MATLAB Plugin
CVEs (47)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-20613 | | | 0.00 | — | 0.00 | | Jan 12, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. |
| CVE-2022-20614 | | | 0.00 | — | 0.00 | | Jan 12, 2022 | A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. |
| CVE-2021-21673 | | | 0.00 | — | 0.00 | | Jun 30, 2021 | Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. |
| CVE-2021-21655 | | | 0.00 | — | 0.00 | | May 11, 2021 | A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. |
| CVE-2021-21654 | | | 0.00 | — | 0.00 | | May 11, 2021 | Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password. |
| CVE-2021-21613 | | | 0.00 | — | 0.00 | | Jan 13, 2021 | Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content. |
| CVE-2020-2324 | | | 0.00 | — | 0.00 | | Dec 3, 2020 | Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2267 | | | 0.00 | — | 0.00 | | Sep 16, 2020 | A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. |
| CVE-2020-2268 | | | 0.00 | — | 0.00 | | Sep 16, 2020 | A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. |
| CVE-2020-2252 | | | 0.00 | — | 0.00 | | Sep 16, 2020 | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. |
| CVE-2020-2184 | | | 0.00 | — | 0.01 | | May 6, 2020 | A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. |
| CVE-2020-2177 | | | 0.00 | — | 0.00 | | Apr 16, 2020 | Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2020-2148 | | | 0.00 | — | 0.00 | | Mar 9, 2020 | A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. |
| CVE-2020-2146 | | | 0.00 | — | 0.00 | | Mar 9, 2020 | Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. |
| CVE-2020-2147 | | | 0.00 | — | 0.00 | | Mar 9, 2020 | A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. |
| CVE-2020-2142 | | | 0.00 | — | 0.00 | | Mar 9, 2020 | A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. |
| CVE-2020-2141 | | | 0.00 | — | 0.00 | | Mar 9, 2020 | A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce. |
| CVE-2019-16569 | | | 0.00 | — | 0.00 | | Dec 17, 2019 | A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. |
| CVE-2019-10314 | | | 0.00 | — | 0.00 | | Apr 30, 2019 | Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. |
| CVE-2019-10293 | | | 0.00 | — | 0.00 | | Apr 4, 2019 | A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |