Filtered by vendor Jenkins
Subscribe
Total
1577 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3665 | 1 Jenkins | 1 Jenkins | 2023-02-13 | 6.8 MEDIUM | N/A |
| Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave. | |||||
| CVE-2014-3667 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-02-13 | 4.0 MEDIUM | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. | |||||
| CVE-2014-3661 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-02-13 | 5.0 MEDIUM | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. | |||||
| CVE-2014-3681 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-02-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3662 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-02-13 | 5.0 MEDIUM | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. | |||||
| CVE-2023-24427 | 1 Jenkins | 1 Bitbucket Oauth | 2023-02-04 | N/A | 9.8 CRITICAL |
| Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. | |||||
| CVE-2023-24422 | 1 Jenkins | 1 Script Security | 2023-02-04 | N/A | 8.8 HIGH |
| A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
| CVE-2023-24439 | 1 Jenkins | 1 Jira Pipeline Steps | 2023-02-04 | N/A | 5.5 MEDIUM |
| Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-24440 | 1 Jenkins | 1 Jira Pipeline Steps | 2023-02-04 | N/A | 5.5 MEDIUM |
| Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2023-24438 | 1 Jenkins | 1 Jira Pipeline Steps | 2023-02-04 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-24428 | 1 Jenkins | 1 Bitbucket Oauth | 2023-02-04 | N/A | 5.7 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
| CVE-2023-24426 | 1 Jenkins | 1 Azure Ad | 2023-02-03 | N/A | 8.8 HIGH |
| Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. | |||||
| CVE-2023-24425 | 1 Jenkins | 1 Kubernetes Credentials Provider | 2023-02-03 | N/A | 6.5 MEDIUM |
| Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. | |||||
| CVE-2023-24424 | 1 Jenkins | 1 Openid Connect Authentication | 2023-02-03 | N/A | 8.8 HIGH |
| Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. | |||||
| CVE-2023-24423 | 1 Jenkins | 1 Gerrit Trigger | 2023-02-03 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. | |||||
| CVE-2023-24451 | 1 Jenkins | 1 Cisco Spark | 2023-02-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-24453 | 1 Jenkins | 1 Testquality Updater | 2023-02-02 | N/A | 6.5 MEDIUM |
| A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2023-24452 | 1 Jenkins | 1 Testquality Updater | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2023-24454 | 1 Jenkins | 1 Testquality Updater | 2023-02-02 | N/A | 5.5 MEDIUM |
| Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-24455 | 1 Jenkins | 1 Visual Expert | 2023-02-02 | N/A | 4.3 MEDIUM |
| Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||