Filtered by vendor Jenkins Project
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37946 | 3 Jenkins, Jenkins Project, Redhat | 3 Openshift Login, Jenkins Openshift Login Plugin, Ocp Tools | 2024-11-07 | 8.8 High |
| Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login. | ||||
| CVE-2023-37947 | 3 Jenkins, Jenkins Project, Redhat | 3 Openshift Login, Jenkins Openshift Login Plugin, Ocp Tools | 2024-11-07 | 6.1 Medium |
| Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | ||||
| CVE-2023-40339 | 3 Jenkins, Jenkins Project, Redhat | 3 Config File Provider, Jenkins Config File Provider Plugin, Ocp Tools | 2024-10-08 | 7.5 High |
| Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. | ||||
| CVE-2024-47806 | 1 Jenkins Project | 1 Jenkins Openid Connect Authentication Plugin | 2024-10-04 | 8.1 High |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | ||||
| CVE-2024-47807 | 1 Jenkins Project | 1 Jenkins Openid Connect Authentication Plugin | 2024-10-04 | 8.1 High |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | ||||
Page 1 of 1.