Filtered by vendor Jenkins Project
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-54003 | 1 Jenkins Project | 1 Jenkins Simple Queue Plugin | 2024-11-27 | 8 High |
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. | ||||
CVE-2023-40339 | 3 Jenkins, Jenkins Project, Redhat | 3 Config File Provider, Jenkins Config File Provider Plugin, Ocp Tools | 2024-11-21 | 7.5 High |
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. | ||||
CVE-2023-37947 | 3 Jenkins, Jenkins Project, Redhat | 3 Openshift Login, Jenkins Openshift Login Plugin, Ocp Tools | 2024-11-21 | 6.1 Medium |
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | ||||
CVE-2023-37946 | 3 Jenkins, Jenkins Project, Redhat | 3 Openshift Login, Jenkins Openshift Login Plugin, Ocp Tools | 2024-11-21 | 8.8 High |
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login. | ||||
CVE-2024-52551 | 1 Jenkins Project | 1 Jenkins Pipeline Declaratrive Plugin | 2024-11-15 | 8 High |
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. | ||||
CVE-2024-52552 | 1 Jenkins Project | 1 Jenkins Authorize Project Plugin | 2024-11-15 | 8 High |
Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2024-47807 | 1 Jenkins Project | 1 Jenkins Openid Connect Authentication Plugin | 2024-10-04 | 8.1 High |
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | ||||
CVE-2024-47806 | 1 Jenkins Project | 1 Jenkins Openid Connect Authentication Plugin | 2024-10-04 | 8.1 High |
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. |
Page 1 of 1.