Perfecto

perfecto

Vendor: Jenkins • 2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-2261 1Jenkins 1Perfecto Nov 21, 2024 Sep 16, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
CVE-2020-2260 1Jenkins 1Perfecto Nov 21, 2024 Sep 16, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.