Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-23905 | 1 Jenkins | 1 Red Hat Dependency Analytics | 2024-08-01 | 5.4 Medium |
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
CVE-2024-23898 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2024-08-01 | 8.8 High |
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller. | ||||
CVE-2024-23904 | 1 Jenkins | 1 Log Command | 2024-08-01 | 7.5 High |
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. | ||||
CVE-2024-23902 | 1 Jenkins | 1 Github Branch Source | 2024-08-01 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | ||||
CVE-2024-23899 | 2 Jenkins, Redhat | 2 Git Server, Ocp Tools | 2024-08-01 | 6.5 Medium |
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. | ||||
CVE-2024-23900 | 2 Jenkins, Redhat | 2 Matrix Project, Ocp Tools | 2024-08-01 | 4.3 Medium |
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. |