Filtered by vendor Jenkins
Total: 1465 CVE (20 shown on this page)
CVE | Vendor | Product | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-37945 | Jenkins | Saml Single Sign On | 2024-02-05 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.
CVE-2023-37958 | Jenkins | Sumologic Publisher | 2024-02-05 | N/A | 8.8 HIGH | A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2023-37955 | Jenkins | Test Results Aggregator | 2024-02-05 | N/A | 6.5 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2023-37949 | Jenkins | Orka By Macstadium | 2024-02-05 | N/A | 7.1 HIGH | A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-37950 | Jenkins | Mabl | 2024-02-05 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-37952 | Jenkins | Mabl | 2024-02-05 | N/A | 6.5 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-37948 | Jenkins | Cloud Infrastructure Compute | 2024-02-05 | N/A | 3.7 LOW | Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting to OCI clouds, enabling man-in-the-middle attacks.
CVE-2023-39156 | Jenkins | Bazaar | 2024-02-05 | N/A | 5.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.
CVE-2023-37963 | Jenkins | Benchmark Evaluator | 2024-02-05 | N/A | 5.4 MEDIUM | A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.
CVE-2023-40336 | Jenkins | Folders | 2024-02-05 | N/A | 8.8 HIGH | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
CVE-2023-37964 | Jenkins | Elasticbox Ci | 2024-02-05 | N/A | 8.8 HIGH | A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-40344 | Jenkins | Delphix | 2024-02-05 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-40339 | Jenkins | Config File Provider | 2024-02-05 | N/A | 7.5 HIGH | Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
CVE-2023-37965 | Jenkins | Elasticbox Ci | 2024-02-05 | N/A | 7.1 HIGH | A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-30513 | Jenkins | Kubernetes | 2024-02-04 | N/A | 7.5 HIGH | Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
CVE-2023-32986 | Jenkins | File Parameters | 2024-02-04 | N/A | 8.8 HIGH | Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
CVE-2023-30527 | Jenkins | Wso2 Oauth | 2024-02-04 | N/A | 4.3 MEDIUM | Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
CVE-2023-32990 | Jenkins | Azure Vm Agents | 2024-02-04 | N/A | 6.5 MEDIUM | A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.
CVE-2023-2632 | Jenkins | Code Dx | 2024-02-04 | N/A | 4.3 MEDIUM | Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2023-30526 | Jenkins | Report Portal | 2024-02-04 | N/A | 6.5 MEDIUM | A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication.
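Twelve of the twenty entries above are one defect class: a Stapler web method on a plugin descriptor (a `doTestConnection`, `doCheck*` or `doFill*Items` form-validation handler) that answers GET requests without checking any permission, so a user with only Overall/Read, or a logged-in victim's browser via CSRF, can make the controller connect to a URL of the attacker's choosing with credentials looked up by ID. The following is an added example written for this page, not code from any plugin listed here; `ExampleCloud`, `DescriptorImpl`, `probe`, and the `url`/`credentialsId` parameters are hypothetical names. It shows the vulnerable shape beside the hardened form that the Jenkins form-validation and credentials-consumer guidance prescribes, built only on public Jenkins core, Stapler, and Credentials Plugin APIs.

```java
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.model.Label;
import hudson.security.ACL;
import hudson.slaves.Cloud;
import hudson.slaves.NodeProvisioner;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;

/** Hypothetical cloud: class, method and parameter names are illustrative, not from any listed plugin. */
public class ExampleCloud extends Cloud {
    @DataBoundConstructor
    public ExampleCloud(String name) { super(name); }

    @Override public boolean canProvision(Label label) { return false; }
    @Override public Collection<NodeProvisioner.PlannedNode> provision(Label label, int excessWorkload) {
        return Collections.emptyList();
    }

    /** Resolves the credentials ID as SYSTEM and sends the secret as HTTP Basic auth to url. */
    static int probe(String url, String credentialsId) throws Exception {
        StandardUsernamePasswordCredentials c = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class,
                        Jenkins.get(), ACL.SYSTEM, Collections.emptyList()),   // ACL.SYSTEM2 on newer cores
                CredentialsMatchers.withId(credentialsId));
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        if (c != null) {
            String raw = c.getUsername() + ":" + c.getPassword().getPlainText();
            conn.setRequestProperty("Authorization", "Basic "
                    + Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8)));
        }
        return conn.getResponseCode();
    }

    @Extension
    public static final class DescriptorImpl extends Descriptor<Cloud> {
        @Override public String getDisplayName() { return "Example cloud"; }

        // VULNERABLE shape (the "missing permission check" and CSRF entries above): reachable by a
        // plain GET to .../descriptorByName/ExampleCloud/testConnectionVulnerable?url=...&credentialsId=...
        // for anyone with Overall/Read, or for a victim's browser via CSRF, so stored credentials
        // are sent to an attacker-chosen URL.
        public FormValidation doTestConnectionVulnerable(@QueryParameter String url,
                                                         @QueryParameter String credentialsId) {
            try {
                return probe(url, credentialsId) == 200 ? FormValidation.ok("Connected")
                                                        : FormValidation.error("Unexpected status");
            } catch (Exception e) {
                return FormValidation.error(e, "Connection failed");
            }
        }

        // HARDENED: POST only (GET is rejected, which defeats CSRF) and a permission check
        // before any network I/O or credentials lookup happens.
        @POST
        public FormValidation doTestConnection(@AncestorInPath Item item,
                                               @QueryParameter String url,
                                               @QueryParameter String credentialsId) {
            if (item == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER); // global/cloud configuration page
            } else {
                item.checkPermission(Item.CONFIGURE);              // job-level configuration page
            }
            try {
                return probe(url, credentialsId) == 200 ? FormValidation.ok("Connected")
                                                        : FormValidation.error("Unexpected status");
            } catch (Exception e) {
                return FormValidation.error(e, "Connection failed");
            }
        }

        // Credentials dropdown: only reveal the value already configured unless the caller is
        // allowed to see or use credentials; otherwise Overall/Read users can enumerate credential
        // IDs, the problem behind the two "enumerate credentials IDs" entries above.
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item,
                                                     @QueryParameter String credentialsId) {
            StandardListBoxModel result = new StandardListBoxModel();
            boolean denied = (item == null)
                    ? !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
                    : (!item.hasPermission(Item.EXTENDED_READ)
                       && !item.hasPermission(CredentialsProvider.USE_ITEM));
            if (denied) {
                return result.includeCurrentValue(credentialsId);
            }
            return result.includeEmptyValue()
                    .includeMatchingAs(ACL.SYSTEM, item, StandardUsernamePasswordCredentials.class,
                            Collections.emptyList(), CredentialsMatchers.always())
                    .includeCurrentValue(credentialsId);
        }
    }
}
```

The check in the hardened handler must be the permission that authorises the action, not merely Overall/Read: a credentials ID is not a secret by itself, so anything that turns an ID into an outbound authenticated connection has to be gated on Administer (global config) or Item/Configure (job config). The two "stores ... unencrypted in config.xml" entries in the table are a separate pattern, addressed by holding the secret in `hudson.util.Secret` rather than a `String` field so that it is encrypted at rest.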