Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for Jenkins XebiaLabs XL Deploy Plugin by Jenkins project

    CVE-2021-21665 (GCVE-0-2021-21665)

    Vulnerability from nvd – Published: 2021-06-10 14:25 – Updated: 2024-08-03 18:23
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: unspecified , ≤ 10.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:23:28.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
              },
              {
                "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:32.613Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
            },
            {
              "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
                },
                {
                  "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21665",
        "datePublished": "2021-06-10T14:25:22.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:23:28.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21664 (GCVE-0-2021-21664)

    Vulnerability from nvd – Published: 2021-06-10 14:25 – Updated: 2024-08-03 18:23
    VLAI
    Summary
    An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: 7.5.9 , < unspecified (custom)
    Affected: unspecified , ≤ 10.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:23:27.397Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
              },
              {
                "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.9",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:31.413Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
            },
            {
              "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21664",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.9"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863: Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
                },
                {
                  "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21664",
        "datePublished": "2021-06-10T14:25:21.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:23:27.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21663 (GCVE-0-2021-21663)

    Vulnerability from nvd – Published: 2021-06-10 14:25 – Updated: 2024-08-03 18:23
    VLAI
    Summary
    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: 7.5.6 , < unspecified (custom)
    Affected: unspecified , ≤ 7.5.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:23:27.490Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
              },
              {
                "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.5.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:30.218Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
            },
            {
              "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21663",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.6"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "7.5.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
                },
                {
                  "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21663",
        "datePublished": "2021-06-10T14:25:21.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:23:27.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21662 (GCVE-0-2021-21662)

    Vulnerability from nvd – Published: 2021-06-10 14:25 – Updated: 2024-08-03 18:23
    VLAI
    Summary
    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: unspecified , ≤ 10.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:23:27.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1981"
              },
              {
                "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:29.006Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1981"
            },
            {
              "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21662",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1981",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1981"
                },
                {
                  "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21662",
        "datePublished": "2021-06-10T14:25:20.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:23:27.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10305 (GCVE-0-2019-10305)

    Vulnerability from nvd – Published: 2019-04-18 16:54 – Updated: 2024-08-04 22:17
    VLAI
    Summary
    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: all versions as of 2019-04-17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:17:20.111Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "108045",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108045"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions as of 2019-04-17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:47:01.379Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "108045",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108045"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10305",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions as of 2019-04-17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "108045",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108045"
                },
                {
                  "name": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10305",
        "datePublished": "2019-04-18T16:54:18.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:17:20.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10304 (GCVE-0-2019-10304)

    Vulnerability from nvd – Published: 2019-04-18 16:54 – Updated: 2024-08-04 22:17
    VLAI
    Summary
    A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: all versions as of 2019-04-17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:17:19.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "108045",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108045"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions as of 2019-04-17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:47:00.217Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "108045",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108045"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10304",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions as of 2019-04-17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "108045",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108045"
                },
                {
                  "name": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10304",
        "datePublished": "2019-04-18T16:54:18.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:17:19.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21665 (GCVE-0-2021-21665)

    Vulnerability from cvelistv5 – Published: 2021-06-10 14:25 – Updated: 2024-08-03 18:23
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: unspecified , ≤ 10.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:23:28.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
              },
              {
                "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:32.613Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
            },
            {
              "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
                },
                {
                  "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21665",
        "datePublished": "2021-06-10T14:25:22.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:23:28.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21664 (GCVE-0-2021-21664)

    Vulnerability from cvelistv5 – Published: 2021-06-10 14:25 – Updated: 2024-08-03 18:23
    VLAI
    Summary
    An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: 7.5.9 , < unspecified (custom)
    Affected: unspecified , ≤ 10.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:23:27.397Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
              },
              {
                "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.9",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:31.413Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
            },
            {
              "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21664",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.9"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863: Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
                },
                {
                  "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21664",
        "datePublished": "2021-06-10T14:25:21.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:23:27.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21663 (GCVE-0-2021-21663)

    Vulnerability from cvelistv5 – Published: 2021-06-10 14:25 – Updated: 2024-08-03 18:23
    VLAI
    Summary
    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: 7.5.6 , < unspecified (custom)
    Affected: unspecified , ≤ 7.5.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:23:27.490Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
              },
              {
                "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.5.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:30.218Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
            },
            {
              "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21663",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.6"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "7.5.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
                },
                {
                  "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21663",
        "datePublished": "2021-06-10T14:25:21.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:23:27.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21662 (GCVE-0-2021-21662)

    Vulnerability from cvelistv5 – Published: 2021-06-10 14:25 – Updated: 2024-08-03 18:23
    VLAI
    Summary
    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: unspecified , ≤ 10.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:23:27.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1981"
              },
              {
                "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:29.006Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1981"
            },
            {
              "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21662",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1981",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1981"
                },
                {
                  "name": "[oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21662",
        "datePublished": "2021-06-10T14:25:20.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:23:27.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10305 (GCVE-0-2019-10305)

    Vulnerability from cvelistv5 – Published: 2019-04-18 16:54 – Updated: 2024-08-04 22:17
    VLAI
    Summary
    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: all versions as of 2019-04-17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:17:20.111Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "108045",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108045"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions as of 2019-04-17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:47:01.379Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "108045",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108045"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10305",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions as of 2019-04-17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "108045",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108045"
                },
                {
                  "name": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10305",
        "datePublished": "2019-04-18T16:54:18.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:17:20.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10304 (GCVE-0-2019-10304)

    Vulnerability from cvelistv5 – Published: 2019-04-18 16:54 – Updated: 2024-08-04 22:17
    VLAI
    Summary
    A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins XebiaLabs XL Deploy Plugin Affected: all versions as of 2019-04-17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:17:19.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "108045",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108045"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins XebiaLabs XL Deploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions as of 2019-04-17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:47:00.217Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "108045",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108045"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10304",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions as of 2019-04-17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "108045",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108045"
                },
                {
                  "name": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10304",
        "datePublished": "2019-04-18T16:54:18.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:17:19.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }