Jenkins - Orka By Macstadium CVE - OpenCVE

Filtered by vendor Jenkins Subscriptions

Filtered by product Orka By Macstadium Subscriptions

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-24433	1 Jenkins	1 Orka By Macstadium	2023-11-03	6.5 Medium
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-24431	1 Jenkins	1 Orka By Macstadium	2023-11-03	4.3 Medium
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-24432	1 Jenkins	1 Orka By Macstadium	2023-11-03	8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-37949	1 Jenkins	1 Orka By Macstadium	2023-10-24	7.1 High
A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Page 1 of 1.