Filtered by vendor Jenkins
Subscribe
Total
1395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24438 | 1 Jenkins | 1 Jira Pipeline Steps | 2023-02-03 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-24430 | 1 Jenkins | 1 Semantic Versioning | 2023-02-03 | N/A | 9.8 CRITICAL |
| Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2023-02-03 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2023-02-03 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2023-24426 | 1 Jenkins | 1 Azure Ad | 2023-02-03 | N/A | 8.8 HIGH |
| Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. | |||||
| CVE-2023-24425 | 1 Jenkins | 1 Kubernetes Credentials Provider | 2023-02-03 | N/A | 6.5 MEDIUM |
| Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. | |||||
| CVE-2023-24424 | 1 Jenkins | 1 Openid Connect Authentication | 2023-02-03 | N/A | 8.8 HIGH |
| Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. | |||||
| CVE-2023-24423 | 1 Jenkins | 1 Gerrit Trigger | 2023-02-03 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. | |||||
| CVE-2019-10386 | 1 Jenkins | 1 Xl Testview | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10388 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2023-02-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | |||||
| CVE-2019-10359 | 1 Jenkins | 1 M2release | 2023-02-02 | 6.8 MEDIUM | 6.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. | |||||
| CVE-2023-24451 | 1 Jenkins | 1 Cisco Spark | 2023-02-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-24452 | 1 Jenkins | 1 Testquality Updater | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2023-24453 | 1 Jenkins | 1 Testquality Updater | 2023-02-02 | N/A | 6.5 MEDIUM |
| A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2023-24454 | 1 Jenkins | 1 Testquality Updater | 2023-02-02 | N/A | 5.5 MEDIUM |
| Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-24455 | 1 Jenkins | 1 Visual Expert | 2023-02-02 | N/A | 4.3 MEDIUM |
| Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2023-24456 | 1 Jenkins | 1 Keycloak Authentication | 2023-02-02 | N/A | 9.8 CRITICAL |
| Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. | |||||
| CVE-2023-24458 | 1 Jenkins | 1 Bearychat | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2023-24457 | 1 Jenkins | 1 Keycloak Authentication | 2023-02-02 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
| CVE-2023-24459 | 1 Jenkins | 1 Bearychat | 2023-02-02 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||