Filtered by vendor Jenkins
Subscriptions
Total
1633 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50767 | 1 Jenkins | 1 Nexus Platform | 2025-02-13 | 5.4 Medium |
| Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | ||||
| CVE-2023-50766 | 1 Jenkins | 1 Nexus Platform | 2025-02-13 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | ||||
| CVE-2023-50765 | 1 Jenkins | 1 Scriptler | 2025-02-13 | 4.3 Medium |
| A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. | ||||
| CVE-2023-50764 | 1 Jenkins | 1 Scriptler | 2025-02-13 | 8.1 High |
| Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system. | ||||
| CVE-2023-49674 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2025-02-13 | 4.3 Medium |
| A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | ||||
| CVE-2023-49673 | 2 Jenkins, Jenkins Project | 5 Google Compute Engine, Jira, Matlab and 2 more | 2025-02-13 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. | ||||
| CVE-2023-49656 | 1 Jenkins | 1 Matlab | 2025-02-13 | 9.8 Critical |
| Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2023-49655 | 1 Jenkins | 1 Matlab | 2025-02-13 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. | ||||
| CVE-2023-49654 | 1 Jenkins | 1 Matlab | 2025-02-13 | 9.8 Critical |
| Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. | ||||
| CVE-2023-49653 | 1 Jenkins | 1 Jira | 2025-02-13 | 6.5 Medium |
| Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | ||||
| CVE-2023-46660 | 1 Jenkins | 1 Zanata | 2025-02-13 | 5.3 Medium |
| Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | ||||
| CVE-2023-46659 | 1 Jenkins | 1 Edgewall Trac | 2025-02-13 | 5.4 Medium |
| Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2023-46658 | 1 Jenkins | 1 Msteams Webhook Trigger | 2025-02-13 | 5.3 Medium |
| Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | ||||
| CVE-2023-46657 | 1 Jenkins | 1 Gogs | 2025-02-13 | 5.3 Medium |
| Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | ||||
| CVE-2023-46656 | 1 Jenkins | 1 Multibranch Scan Webhook Trigger | 2025-02-13 | 5.3 Medium |
| Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | ||||
| CVE-2023-46655 | 1 Jenkins | 1 Cloudbees Cd | 2025-02-13 | 6.5 Medium |
| Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. | ||||
| CVE-2023-46654 | 1 Jenkins | 1 Cloudbees Cd | 2025-02-13 | 8.1 High |
| Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system. | ||||
| CVE-2023-46653 | 1 Jenkins | 1 Lambdatest-automation | 2025-02-13 | 6.5 Medium |
| Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. | ||||
| CVE-2023-46652 | 1 Jenkins | 1 Lambdatest-automation | 2025-02-13 | 4.3 Medium |
| A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. | ||||
| CVE-2023-46650 | 1 Jenkins | 1 Github | 2025-02-13 | 5.4 Medium |
| Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||