Jenkins - Scm Httpclient CVE - OpenCVE

Filtered by vendor Jenkins Subscriptions

Filtered by product Scm Httpclient Subscriptions

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-41250	1 Jenkins	1 Scm Httpclient	2024-08-03	6.5 Medium
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-41249	1 Jenkins	1 Scm Httpclient	2024-08-03	8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Page 1 of 1.