Filtered by vendor Jenkins
Subscribe
Total
1605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41932 | 1 Jenkins | 1 Job Configuration History | 2024-02-28 | N/A | 6.5 MEDIUM |
| Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'. | |||||
| CVE-2023-41936 | 1 Jenkins | 1 Google Login | 2024-02-28 | N/A | 7.5 HIGH |
| Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token. | |||||
| CVE-2023-46651 | 1 Jenkins | 1 Warnings | 2024-02-28 | N/A | 6.5 MEDIUM |
| Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1. | |||||
| CVE-2023-46660 | 1 Jenkins | 1 Zanata | 2024-02-28 | N/A | 5.3 MEDIUM |
| Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | |||||
| CVE-2023-40336 | 1 Jenkins | 1 Folders | 2024-02-28 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. | |||||
| CVE-2023-37959 | 1 Jenkins | 1 Sumologic Publisher | 2024-02-28 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2023-41943 | 1 Jenkins | 1 Aws Codecommit Trigger | 2024-02-28 | N/A | 6.5 MEDIUM |
| Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. | |||||
| CVE-2023-37958 | 1 Jenkins | 1 Sumologic Publisher | 2024-02-28 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2023-43494 | 1 Jenkins | 1 Jenkins | 2024-02-28 | N/A | 4.3 MEDIUM |
| Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. | |||||
| CVE-2023-3442 | 1 Jenkins | 1 Servicenow Devops | 2024-02-28 | N/A | 7.5 HIGH |
| A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | |||||
| CVE-2023-40340 | 1 Jenkins | 1 Nodejs | 2024-02-28 | N/A | 7.5 HIGH |
| Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. | |||||
| CVE-2023-40342 | 1 Jenkins | 1 Flaky Test Handler | 2024-02-28 | N/A | 5.4 MEDIUM |
| Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. | |||||
| CVE-2023-46650 | 1 Jenkins | 1 Github | 2024-02-28 | N/A | 5.4 MEDIUM |
| Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2023-40343 | 1 Jenkins | 1 Tuleap Authentication | 2024-02-28 | N/A | 5.9 MEDIUM |
| Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | |||||
| CVE-2023-39156 | 1 Jenkins | 1 Bazaar | 2024-02-28 | N/A | 5.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. | |||||
| CVE-2023-41947 | 1 Jenkins | 1 Frugal Testing | 2024-02-28 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials. | |||||
| CVE-2023-37952 | 1 Jenkins | 1 Mabl | 2024-02-28 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-37964 | 1 Jenkins | 1 Elasticbox Ci | 2024-02-28 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-40344 | 1 Jenkins | 1 Delphix | 2024-02-28 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-37960 | 1 Jenkins | 1 Mathworks Polyspace | 2024-02-28 | N/A | 6.5 MEDIUM |
| Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. | |||||