Filtered by vendor Jenkins Project Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-54003 1 Jenkins Project 1 Jenkins Simple Queue Plugin 2024-11-27 8 High
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.
CVE-2023-40339 3 Jenkins, Jenkins Project, Redhat 3 Config File Provider, Jenkins Config File Provider Plugin, Ocp Tools 2024-11-21 7.5 High
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
CVE-2023-37947 3 Jenkins, Jenkins Project, Redhat 3 Openshift Login, Jenkins Openshift Login Plugin, Ocp Tools 2024-11-21 6.1 Medium
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
CVE-2023-37946 3 Jenkins, Jenkins Project, Redhat 3 Openshift Login, Jenkins Openshift Login Plugin, Ocp Tools 2024-11-21 8.8 High
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.
CVE-2024-52551 1 Jenkins Project 1 Jenkins Pipeline Declaratrive Plugin 2024-11-15 8 High
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.
CVE-2024-52552 1 Jenkins Project 1 Jenkins Authorize Project Plugin 2024-11-15 8 High
Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2024-47807 1 Jenkins Project 1 Jenkins Openid Connect Authentication Plugin 2024-10-04 8.1 High
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
CVE-2024-47806 1 Jenkins Project 1 Jenkins Openid Connect Authentication Plugin 2024-10-04 8.1 High
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.