Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32997 | 1 Jenkins | 1 Cas | 2023-12-10 | N/A | 8.8 HIGH |
| Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. | |||||
| CVE-2021-21673 | 1 Jenkins | 1 Cas | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
| CVE-2018-1000188 | 1 Jenkins | 1 Cas | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||