Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41940 | 1 Jenkins | 1 Tap | 2024-08-02 | 5.4 Medium |
| Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. | ||||
| CVE-2023-41944 | 1 Jenkins | 1 Aws Codecommit Trigger | 2024-08-02 | 6.1 Medium |
| Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability. | ||||
| CVE-2023-41933 | 1 Jenkins | 1 Job Configuration History | 2024-08-02 | 8.8 High |
| Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2023-41931 | 1 Jenkins | 1 Job Configuration History | 2024-08-02 | 5.4 Medium |
| Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-41938 | 1 Jenkins | 1 Ivy | 2024-08-02 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. | ||||
| CVE-2023-41932 | 1 Jenkins | 1 Job Configuration History | 2024-08-02 | 6.5 Medium |
| Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'. | ||||
| CVE-2023-40339 | 2 Jenkins, Redhat | 2 Config File Provider, Ocp Tools | 2024-08-02 | 7.5 High |
| Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. | ||||
| CVE-2023-40340 | 1 Jenkins | 1 Nodejs | 2024-08-02 | 7.5 High |
| Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. | ||||
| CVE-2023-40344 | 1 Jenkins | 1 Delphix | 2024-08-02 | 4.3 Medium |
| A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-40346 | 1 Jenkins | 1 Shortcut Job | 2024-08-02 | 5.4 Medium |
| Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. | ||||
| CVE-2023-40350 | 1 Jenkins | 1 Docker Swarm | 2024-08-02 | 5.4 Medium |
| Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker. | ||||
| CVE-2023-40337 | 2 Jenkins, Redhat | 2 Folders, Ocp Tools | 2024-08-02 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. | ||||
| CVE-2023-40341 | 2 Jenkins, Redhat | 2 Blue Ocean, Ocp Tools | 2024-08-02 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. | ||||
| CVE-2023-40338 | 2 Jenkins, Redhat | 2 Folders, Ocp Tools | 2024-08-02 | 4.3 Medium |
| Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. | ||||
| CVE-2023-40351 | 1 Jenkins | 1 Favorite View | 2024-08-02 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. | ||||
| CVE-2023-40345 | 1 Jenkins | 1 Delphix | 2024-08-02 | 6.5 Medium |
| Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | ||||
| CVE-2023-40349 | 1 Jenkins | 1 Gogs | 2024-08-02 | 5.3 Medium |
| Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. | ||||
| CVE-2023-40342 | 1 Jenkins | 1 Flaky Test Handler | 2024-08-02 | 5.4 Medium |
| Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. | ||||
| CVE-2023-40343 | 1 Jenkins | 1 Tuleap Authentication | 2024-08-02 | 5.9 Medium |
| Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | ||||
| CVE-2023-40348 | 1 Jenkins | 1 Gogs | 2024-08-02 | 5.3 Medium |
| The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. | ||||