Filtered by vendor Jenkins
Subscriptions
Filtered by product Cas
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32997 | 1 Jenkins | 1 Cas | 2024-11-21 | 8.8 High |
| Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. | ||||
| CVE-2021-21673 | 1 Jenkins | 1 Cas | 2024-11-21 | 6.1 Medium |
| Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | ||||
| CVE-2018-1000188 | 1 Jenkins | 1 Cas | 2024-11-21 | N/A |
| A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
Page 1 of 1.