漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean.
漏洞信息
N/A
漏洞
N/A
漏洞
CloudBees Jenkins Blue Ocean插件安全漏洞
漏洞信息
CloudBees Jenkins(前称Hudson Labs)是美国CloudBees公司的一套基于Java开发的持续集成工具,它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。Blue Ocean plugin是其中的一个可视化管理插件。 CloudBees Jenkins Blue Ocean插件1.1.5及之前的版本中存在安全漏洞,该漏洞源于程序没有正确的对当前用户进行授权和身份验证检测。攻击者可利用该漏洞重新配置GitHub组织文件夹,获取GitHub访问令牌。
漏洞信息
N/A
漏洞
N/A