A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2024-01-24 | Updated: 2024-01-31

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2024-01-24 | Updated: 2024-01-31

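The Matrix Project entry above turns on a user-supplied axis name that reaches the controller's file system as a path component. The validator below is an added example, not code from the Matrix Project plugin or from its fix; the class and method names and the assumed layout (one directory per axis value under the job directory) are hypothetical. It pairs an allow-list on the name with a direct-child check on the resolved path, so a value such as `../../config.xml` is rejected by both, and the second check still holds if someone later loosens the first.

```java
// Added example, not code from the Matrix Project plugin. AxisNameValidator,
// its methods and the assumed on-disk layout are hypothetical.
package example.jenkins;

import hudson.util.FormValidation;

import java.nio.file.Path;
import java.util.regex.Pattern;

public final class AxisNameValidator {

    // Allow-list: a leading letter, digit or underscore, then up to 63 more
    // characters from the same set plus '-'. Slashes, backslashes, dots, NUL
    // and whitespace never match, so they cannot reach the file system.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9_][A-Za-z0-9_-]{0,63}");

    private AxisNameValidator() {
    }

    /** True only for names that match the allow-list above. */
    public static boolean isSafeName(String name) {
        return name != null && SAFE_NAME.matcher(name).matches();
    }

    /**
     * Defence in depth on the file-system side: resolve the candidate against
     * the directory it must live in, normalize, and require the result to be a
     * direct child of that directory. This rejects "", ".", "..", absolute
     * paths and nested paths regardless of what the allow-list permits.
     */
    public static Path resolveInside(Path baseDir, String name) {
        Path base = baseDir.toAbsolutePath().normalize();
        Path candidate = base.resolve(name).normalize();
        if (!base.equals(candidate.getParent())) {
            throw new IllegalArgumentException("axis name would escape " + base);
        }
        return candidate;
    }

    /**
     * Called from the descriptor's doCheckName(@QueryParameter String value)
     * (hypothetical hook) so the configure page rejects bad names before save,
     * and again on the save path so a crafted POST cannot bypass the form.
     */
    public static FormValidation checkName(String name) {
        if (name == null || name.isBlank()) {
            return FormValidation.error("Axis name is required");
        }
        if (!isSafeName(name)) {
            return FormValidation.error("Use letters, digits, '_' or '-' only (max 64 characters)");
        }
        return FormValidation.ok();
    }
}
```

Form validation alone is not a control, since the configure form can be bypassed with a direct POST of config.xml; the same `isSafeName` check must run wherever the name is persisted, and `resolveInside` wherever it is turned into a path.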
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-12-13 | Updated: 2023-12-18

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-12-13 | Updated: 2023-12-18

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-12-13 | Updated: 2023-12-18

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-12-13 | Updated: 2023-12-18

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-12-13 | Updated: 2023-12-18

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-12-13 | Updated: 2023-12-18

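The PaaSLane Estimate and Dingding JSON Pusher entries above are two halves of one mistake: a token held in a plain String field is written in clear to the job's config.xml by XStream and echoed in clear by an f:textbox on the configure page. The build step below is an added example, not code from either plugin; TokenPusher, its field names and the endpoint it posts to are hypothetical. It shows the hudson.util.Secret type that fixes both findings, together with the Jelly control and the logging discipline that go with it.

```java
// Added example, not code from the PaaSLane Estimate or Dingding JSON Pusher
// plugins. TokenPusher, its fields and the endpoint it posts to are hypothetical.
package example.jenkins;

import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.Secret;
import jenkins.tasks.SimpleBuildStep;
import org.kohsuke.stapler.DataBoundConstructor;

import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;

public class TokenPusher extends Builder implements SimpleBuildStep {

    /*
     * BEFORE, the shape both advisories describe:
     *
     *   private final String accessToken;     // XStream writes it in clear to config.xml
     *   public String getAccessToken() {...}  // <f:textbox field="accessToken"/> shows it in clear
     */

    private final String endpointUrl;

    // AFTER: Secret is persisted as ciphertext under the controller's master
    // key, so Item/Extended Read or a copy of config.xml yields no token. The
    // type change is backward compatible: Secret's XStream converter accepts
    // the old plaintext element and the next save writes it encrypted.
    private final Secret accessToken;

    @DataBoundConstructor
    public TokenPusher(String endpointUrl, Secret accessToken) {
        this.endpointUrl = endpointUrl;
        this.accessToken = accessToken;
    }

    public String getEndpointUrl() {
        return endpointUrl;
    }

    // Return Secret, not String. The matching Jelly control must be
    // <f:password field="accessToken"/>: the browser renders it masked and
    // the form round-trips the encrypted value, never the plaintext.
    public Secret getAccessToken() {
        return accessToken;
    }

    @Override
    public void perform(Run<?, ?> run, FilePath workspace, Launcher launcher, TaskListener listener)
            throws InterruptedException, IOException {
        // Decrypt as late as possible and only here. Secret.toString(Secret)
        // returns "" for null, so a missing token surfaces as a clean error.
        String token = Secret.toString(accessToken);
        if (token.isEmpty()) {
            throw new IOException("access token is not configured");
        }
        // run.getUrl() is a URL-encoded relative path, safe to embed verbatim.
        String body = "{\"build\":\"" + run.getUrl() + "\",\"number\":" + run.getNumber() + "}";
        HttpRequest req = HttpRequest.newBuilder(URI.create(endpointUrl))
                .timeout(Duration.ofSeconds(15))
                .header("Authorization", "Bearer " + token) // hypothetical auth scheme
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(body, StandardCharsets.UTF_8))
                .build();
        HttpResponse<Void> rsp = HttpClient.newHttpClient()
                .send(req, HttpResponse.BodyHandlers.discarding());
        // Log the status only, never the request or its headers.
        listener.getLogger().println("Pushed build JSON, HTTP " + rsp.statusCode());
        if (rsp.statusCode() / 100 != 2) {
            throw new IOException("push rejected with HTTP " + rsp.statusCode());
        }
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Push build JSON (example)";
        }
    }
}
```

Two habits complete the fix: never call `getPlainText()` in a getter or a `toString()`, and grep the plugin's Jelly files for `f:textbox` bound to any field that carries a credential.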
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-12-13 | Updated: 2023-12-18

A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-12-13 | Updated: 2023-12-18

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-11-29 | Updated: 2023-12-05

A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-10-25 | Updated: 2023-11-01

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-09-20 | Updated: 2023-09-22

Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-09-20 | Updated: 2023-09-25

A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-09-06 | Updated: 2023-09-11

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-09-06 | Updated: 2023-09-11

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-09-06 | Updated: 2023-09-11

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-09-06 | Updated: 2023-09-11

A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-08-16 | Updated: 2023-08-22

A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-08-16 | Updated: 2023-10-20

Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-08-16 | Updated: 2024-01-02

A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-08-16 | Updated: 2023-08-22

A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-07-12 | Updated: 2023-07-20

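Most of the "missing permission check" and CSRF entries above (PaaSLane Estimate, Nexus Platform, NeuVector, Frugal Testing, GitLab Branch Source, Deployment Dashboard, Build Failure Analyzer, AWS CodeCommit Trigger, Favorite View, Folders, Rebuilder) share one root cause: a Stapler web method on a Descriptor or GlobalConfiguration (doTestConnection, doCheckXxx, doCopy, doClearQueue, doRebuild) that accepts GET and never asks who is calling. The class below is an added example, not code from any plugin listed here; ScannerConfig, its serverUrl field and the remote API it probes are hypothetical. It shows the vulnerable shape in a comment and the hardened form: @POST plus a permission check for form validation, and @RequirePOST plus a permission check for a state-changing action.

```java
// Added example, not code from any plugin listed above. ScannerConfig, its
// serverUrl field and the remote API it probes are hypothetical.
package example.jenkins;

import hudson.Extension;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.kohsuke.stapler.verb.POST;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;

@Extension
public class ScannerConfig extends GlobalConfiguration {

    private String serverUrl;

    public ScannerConfig() { load(); }

    public String getServerUrl() { return serverUrl; }

    @DataBoundSetter
    public void setServerUrl(String serverUrl) { this.serverUrl = serverUrl; save(); }

    /*
     * BEFORE, the shape behind the "missing permission check" entries:
     *
     *   public FormValidation doTestConnection(@QueryParameter String url,
     *           @QueryParameter String username, @QueryParameter String password) {
     *       return probe(URI.create(url), username, password);
     *   }
     *
     * Any Overall/Read user can GET .../descriptorByName/example.jenkins.ScannerConfig/testConnection
     * and point the controller at a host and credentials of their choosing; as GET
     * is accepted, a third-party page can fire it in an administrator's session
     * too (the CSRF entries). A credentialsId variant leaks the stored secret.
     */

    // AFTER: @POST makes Stapler refuse GET and check the CSRF crumb; the
    // permission check ties the probe to the right to configure this page.
    @POST
    public FormValidation doTestConnection(@QueryParameter String url,
                                           @QueryParameter String username,
                                           @QueryParameter Secret password) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        URI target;
        try {
            target = new URI(url == null ? "" : url.trim());
        } catch (URISyntaxException e) {
            return FormValidation.error("Malformed URL");
        }
        if (!"https".equalsIgnoreCase(target.getScheme()) || target.getHost() == null) {
            return FormValidation.error("An https:// URL with a host name is required");
        }
        return probe(target, username, Secret.toString(password));
    }

    private FormValidation probe(URI target, String username, String password) {
        String basic = Base64.getEncoder().encodeToString(
                (username + ":" + password).getBytes(StandardCharsets.UTF_8));
        HttpRequest req = HttpRequest.newBuilder(target).timeout(Duration.ofSeconds(10))
                .header("Authorization", "Basic " + basic).GET().build();
        try {
            int status = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5))
                    .followRedirects(HttpClient.Redirect.NEVER) // no hop to a second host
                    .build().send(req, java.net.http.HttpResponse.BodyHandlers.discarding())
                    .statusCode();
            return status == 200 ? FormValidation.ok("Connected")
                                 : FormValidation.error("Server answered HTTP " + status);
        } catch (IOException | InterruptedException e) {
            // Generic text on purpose: exception messages can leak internal host names.
            return FormValidation.error("Connection failed");
        }
    }

    // State-changing do* actions (copy a job, clear a queue, rebuild, delete a
    // failure cause) need the same two lines; @RequirePOST answers a GET with a
    // "POST required" page instead of acting.
    @RequirePOST
    public HttpResponse doClearServerUrl() {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        serverUrl = null;
        save();
        return HttpResponses.forwardToPreviousPage();
    }
}
```

For a job-scoped descriptor the permission line becomes `item.checkPermission(Item.CONFIGURE)` on an `@AncestorInPath Item item` parameter. A quick audit is `grep -rn "public .* do[A-Z]" src/main/java` and confirming every hit carries `@POST` or `@RequirePOST` and a `checkPermission` call in its first statements.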
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-07-12 | Updated: 2023-07-20

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.
Source: Jenkins Project | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-07-12 | Updated: 2023-07-20

343 vulnerabilities found