Filtered by vendor Jenkins
Subscribe
Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49674 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2024-02-05 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | |||||
| CVE-2024-23902 | 1 Jenkins | 1 Github Branch Source | 2024-02-05 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2024-23899 | 1 Jenkins | 1 Git Server | 2024-02-05 | N/A | 6.5 MEDIUM |
| Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. | |||||
| CVE-2023-50764 | 1 Jenkins | 1 Scriptler | 2024-02-05 | N/A | 8.1 HIGH |
| Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system. | |||||
| CVE-2023-49653 | 1 Jenkins | 1 Jira | 2024-02-05 | N/A | 6.5 MEDIUM |
| Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||||
| CVE-2023-49654 | 1 Jenkins | 1 Matlab | 2024-02-05 | N/A | 9.8 CRITICAL |
| Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. | |||||
| CVE-2023-50770 | 1 Jenkins | 1 Openid | 2024-02-05 | N/A | 6.7 MEDIUM |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. | |||||
| CVE-2023-50777 | 1 Jenkins | 1 Paaslane Estimate | 2024-02-05 | N/A | 4.3 MEDIUM |
| Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2023-50775 | 1 Jenkins | 1 Deployment Dashboard | 2024-02-05 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. | |||||
| CVE-2023-50771 | 1 Jenkins | 1 Openid | 2024-02-05 | N/A | 6.1 MEDIUM |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
| CVE-2023-50768 | 1 Jenkins | 1 Nexus Platform | 2024-02-05 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-50774 | 1 Jenkins | 1 Html Resource | 2024-02-05 | N/A | 8.1 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system. | |||||
| CVE-2024-23904 | 1 Jenkins | 1 Log Command | 2024-02-05 | N/A | 7.5 HIGH |
| Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. | |||||
| CVE-2023-49655 | 1 Jenkins | 1 Matlab | 2024-02-05 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. | |||||
| CVE-2023-50778 | 1 Jenkins | 1 Paaslane Estimate | 2024-02-05 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token. | |||||
| CVE-2023-50767 | 1 Jenkins | 1 Nexus Platform | 2024-02-05 | N/A | 5.4 MEDIUM |
| Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | |||||
| CVE-2023-50773 | 1 Jenkins | 1 Dingding Json Pusher | 2024-02-05 | N/A | 4.3 MEDIUM |
| Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2023-49656 | 1 Jenkins | 1 Matlab | 2024-02-05 | N/A | 9.8 CRITICAL |
| Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2024-23901 | 1 Jenkins | 1 Github Branch Source | 2024-02-05 | N/A | 6.5 MEDIUM |
| Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | |||||
| CVE-2023-50765 | 1 Jenkins | 1 Scriptler | 2024-02-05 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. | |||||