Filtered by vendor Jenkins
Total: 1603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39153 | 1 Jenkins | 1 Gitlab Authentication | 2023-07-31 | N/A | 5.4 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
CVE-2023-39154 | 1 Jenkins | 1 Qualys Web App Scanning Connector | 2023-07-31 | N/A | 6.5 MEDIUM |
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-39152 | 1 Jenkins | 1 Gradle | 2023-07-31 | N/A | 6.5 MEDIUM |
Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances. | |||||
CVE-2023-37946 | 1 Jenkins | 1 Openshift Login | 2023-07-26 | N/A | 8.8 HIGH |
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login. | |||||
CVE-2022-2048 | 4 Debian, Eclipse, Jenkins and 1 more | 8 Debian Linux, Jetty, Jenkins and 5 more | 2023-07-24 | 5.0 MEDIUM | 7.5 HIGH |
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests. | |||||
CVE-2023-37950 | 1 Jenkins | 1 Mabl | 2023-07-20 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2023-37949 | 1 Jenkins | 1 Orka By Macstadium | 2023-07-20 | N/A | 7.1 HIGH |
A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-37947 | 1 Jenkins | 1 Openshift Login | 2023-07-20 | N/A | 6.1 MEDIUM |
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
CVE-2023-37948 | 1 Jenkins | 1 Cloud Infrastructure Compute | 2023-07-20 | N/A | 3.7 LOW |
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks. | |||||
CVE-2023-37965 | 1 Jenkins | 1 Elasticbox Ci | 2023-07-20 | N/A | 7.1 HIGH |
A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-37963 | 1 Jenkins | 1 Benchmark Evaluator | 2023-07-20 | N/A | 5.4 MEDIUM |
A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | |||||
CVE-2023-37960 | 1 Jenkins | 1 Mathworks Polyspace | 2023-07-20 | N/A | 6.5 MEDIUM |
Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. | |||||
CVE-2023-37964 | 1 Jenkins | 1 Elasticbox Ci | 2023-07-20 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-37962 | 1 Jenkins | 1 Benchmark Evaluator | 2023-07-20 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | |||||
CVE-2023-37961 | 1 Jenkins | 1 Assembla | 2023-07-20 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
CVE-2023-37959 | 1 Jenkins | 1 Sumologic Publisher | 2023-07-20 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2023-37958 | 1 Jenkins | 1 Sumologic Publisher | 2023-07-20 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. | |||||
CVE-2023-37957 | 1 Jenkins | 1 Pipeline Restful Api | 2023-07-20 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token. | |||||
CVE-2023-37956 | 1 Jenkins | 1 Test Results Aggregator | 2023-07-20 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
CVE-2023-37942 | 1 Jenkins | 1 External Monitor Job Type | 2023-07-20 | N/A | 6.5 MEDIUM |
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |