Filtered by vendor Jenkins
Subscriptions
Total
1612 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40346 | 1 Jenkins | 1 Shortcut Job | 2024-11-21 | 5.4 Medium |
| Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. | ||||
| CVE-2023-40345 | 1 Jenkins | 1 Delphix | 2024-11-21 | 6.5 Medium |
| Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | ||||
| CVE-2023-40344 | 1 Jenkins | 1 Delphix | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-40343 | 1 Jenkins | 1 Tuleap Authentication | 2024-11-21 | 5.9 Medium |
| Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | ||||
| CVE-2023-40342 | 1 Jenkins | 1 Flaky Test Handler | 2024-11-21 | 5.4 Medium |
| Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. | ||||
| CVE-2023-40341 | 2 Jenkins, Redhat | 2 Blue Ocean, Ocp Tools | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. | ||||
| CVE-2023-40340 | 1 Jenkins | 1 Nodejs | 2024-11-21 | 7.5 High |
| Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. | ||||
| CVE-2023-40339 | 3 Jenkins, Jenkins Project, Redhat | 3 Config File Provider, Jenkins Config File Provider Plugin, Ocp Tools | 2024-11-21 | 7.5 High |
| Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. | ||||
| CVE-2023-40338 | 2 Jenkins, Redhat | 2 Folders, Ocp Tools | 2024-11-21 | 4.3 Medium |
| Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. | ||||
| CVE-2023-40337 | 2 Jenkins, Redhat | 2 Folders, Ocp Tools | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. | ||||
| CVE-2023-40336 | 2 Jenkins, Redhat | 2 Folders, Ocp Tools | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. | ||||
| CVE-2023-3442 | 1 Jenkins | 1 Servicenow Devops | 2024-11-21 | 7.7 High |
| A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | ||||
| CVE-2023-3414 | 1 Jenkins | 1 Servicenow Devops | 2024-11-21 | 6.1 Medium |
| A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | ||||
| CVE-2023-3315 | 1 Jenkins | 1 Team Concert | 2024-11-21 | 4.3 Medium |
| Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2023-39156 | 1 Jenkins | 1 Bazaar | 2024-11-21 | 5.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. | ||||
| CVE-2023-39155 | 1 Jenkins | 1 Chef Identity | 2024-11-21 | 5.3 Medium |
| Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2023-39154 | 1 Jenkins | 1 Qualys Web App Scanning Connector | 2024-11-21 | 6.5 Medium |
| Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-39153 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. | ||||
| CVE-2023-39152 | 1 Jenkins | 1 Gradle | 2024-11-21 | 6.5 Medium |
| Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances. | ||||
| CVE-2023-39151 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. | ||||