Skip to main content

Perfecto

3 CVEs product

Monthly

CVE-2020-2261 Maven HIGH PATCH This Week

Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Jenkins Perfecto
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-2260 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Perfecto
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2015-4371 MEDIUM PATCH This Month

Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Perfecto
NVD
CVSS 2.0
5.8
EPSS
0.3%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Jenkins Perfecto
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Perfecto
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Perfecto
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy