Filtered by vendor Jenkins
Total: 1605 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-40351 | 1 Jenkins | 1 Favorite View | 2024-02-28 | N/A | 4.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
CVE-2023-37946 | 1 Jenkins | 1 Openshift Login | 2024-02-28 | N/A | 8.8 HIGH | Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.
CVE-2023-46657 | 1 Jenkins | 1 Gogs | 2024-02-28 | N/A | 5.3 MEDIUM | Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
CVE-2023-39153 | 1 Jenkins | 1 Gitlab Authentication | 2024-02-28 | N/A | 5.4 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.
CVE-2023-46659 | 1 Jenkins | 1 Edgewall Trac | 2024-02-28 | N/A | 5.4 MEDIUM | Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2023-41935 | 1 Jenkins | 1 Azure Ad | 2024-02-28 | N/A | 7.5 HIGH | Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.
CVE-2023-43499 | 1 Jenkins | 1 Build Failure Analyzer | 2024-02-28 | N/A | 5.4 MEDIUM | Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
CVE-2023-41931 | 1 Jenkins | 1 Job Configuration History | 2024-02-28 | N/A | 5.4 MEDIUM | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not properly sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.
CVE-2023-37947 | 1 Jenkins | 1 Openshift Login | 2024-02-28 | N/A | 6.1 MEDIUM | Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
CVE-2023-41938 | 1 Jenkins | 1 Ivy | 2024-02-28 | N/A | 6.5 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules.
CVE-2023-37949 | 1 Jenkins | 1 Orka By Macstadium | 2024-02-28 | N/A | 7.1 HIGH | A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-40337 | 1 Jenkins | 1 Folders | 2024-02-28 | N/A | 4.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
CVE-2023-39154 | 1 Jenkins | 1 Qualys Web App Scanning Connector | 2024-02-28 | N/A | 6.5 MEDIUM | Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-41930 | 1 Jenkins | 1 Job Configuration History | 2024-02-28 | N/A | 4.3 MEDIUM | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.
CVE-2023-37953 | 1 Jenkins | 1 Mabl | 2024-02-28 | N/A | 6.5 MEDIUM | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-43496 | 1 Jenkins | 1 Jenkins | 2024-02-28 | N/A | 8.8 HIGH | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
CVE-2023-40347 | 1 Jenkins | 1 Maven Artifact Choicelistprovider (nexus) | 2024-02-28 | N/A | 6.5 MEDIUM | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
CVE-2023-43502 | 1 Jenkins | 1 Build Failure Analyzer | 2024-02-28 | N/A | 4.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
CVE-2023-39155 | 1 Jenkins | 1 Chef Identity | 2024-02-28 | N/A | 5.3 MEDIUM | Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.
CVE-2023-46656 | 1 Jenkins | 1 Multibranch Scan Webhook Trigger | 2024-02-28 | N/A | 5.3 MEDIUM | Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.