Team Concert Plugin

Source repositories

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2023-3315	Jenkins Project Team Concert Plugin	—	0.01	Jun 19, 2023	Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2019-16567	Jenkins Project Team Concert Plugin	—	0.00	Dec 17, 2019	A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-16566	Jenkins Project Team Concert Plugin	—	0.00	Dec 17, 2019	A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-16565	Jenkins Project Team Concert Plugin	—	0.00	Dec 17, 2019	A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-3315Jun 19, 2023
Jenkins Project
Team Concert Plugin
risk 0.00cvss —epss 0.01
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2019-16567Dec 17, 2019
Jenkins Project
Team Concert Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-16566Dec 17, 2019
Jenkins Project
Team Concert Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-16565Dec 17, 2019
Jenkins Project
Team Concert Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.