Filtered by vendor Jenkins
Subscriptions
Total
1603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39155 | 1 Jenkins | 1 Chef Identity | 2023-10-24 | 5.3 Medium |
| Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2023-39154 | 1 Jenkins | 1 Qualys Web App Scanning Connector | 2023-10-24 | 6.5 Medium |
| Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-39153 | 1 Jenkins | 1 Gitlab Authentication | 2023-10-24 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. | ||||
| CVE-2023-39152 | 1 Jenkins | 1 Gradle | 2023-10-24 | 6.5 Medium |
| Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances. | ||||
| CVE-2023-39151 | 1 Jenkins | 1 Jenkins | 2023-10-24 | 5.4 Medium |
| Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. | ||||
| CVE-2023-37965 | 1 Jenkins | 1 Elasticbox Ci | 2023-10-24 | 7.1 High |
| A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-37964 | 1 Jenkins | 1 Elasticbox Ci | 2023-10-24 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-37963 | 1 Jenkins | 1 Benchmark Evaluator | 2023-10-24 | 5.4 Medium |
| A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | ||||
| CVE-2023-37962 | 1 Jenkins | 1 Benchmark Evaluator | 2023-10-24 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | ||||
| CVE-2023-37961 | 1 Jenkins | 1 Assembla | 2023-10-24 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account. | ||||
| CVE-2023-37960 | 1 Jenkins | 1 Mathworks Polyspace | 2023-10-24 | 6.5 Medium |
| Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. | ||||
| CVE-2023-37959 | 1 Jenkins | 1 Sumologic Publisher | 2023-10-24 | 6.5 Medium |
| A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2023-37958 | 1 Jenkins | 1 Sumologic Publisher | 2023-10-24 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2023-37957 | 1 Jenkins | 1 Pipeline Restful Api | 2023-10-24 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token. | ||||
| CVE-2023-37956 | 1 Jenkins | 1 Test Results Aggregator | 2023-10-24 | 6.5 Medium |
| A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2023-37955 | 1 Jenkins | 1 Test Results Aggregator | 2023-10-24 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2023-37954 | 1 Jenkins | 1 Rebuilder | 2023-10-24 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build. | ||||
| CVE-2023-37953 | 1 Jenkins | 1 Mabl | 2023-10-24 | 6.5 Medium |
| A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-37952 | 1 Jenkins | 1 Mabl | 2023-10-24 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-37951 | 1 Jenkins | 1 Mabl | 2023-10-24 | 6.5 Medium |
| Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | ||||