Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Jenkins Subscribe
Filtered by product Xebialabs Xl Deploy
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21663 1 Jenkins 1 Xebialabs Xl Deploy 2021-06-15 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
CVE-2021-21662 1 Jenkins 1 Xebialabs Xl Deploy 2021-06-15 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
CVE-2021-21665 1 Jenkins 1 Xebialabs Xl Deploy 2021-06-15 6.0 MEDIUM 8.0 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
CVE-2021-21664 1 Jenkins 1 Xebialabs Xl Deploy 2021-06-15 4.0 MEDIUM 6.5 MEDIUM
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
CVE-2019-10305 1 Jenkins 1 Xebialabs Xl Deploy 2020-10-02 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-10304 1 Jenkins 1 Xebialabs Xl Deploy 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.