Vulnerabilities > Jenkins > Blue Ocean > 1.24.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-16 | CVE-2023-40341 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Blue Ocean A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. | 8.8 |
| 2022-05-17 | CVE-2022-30952 | Insufficiently Protected Credentials vulnerability in Jenkins Blue Ocean Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | 6.5 |
| 2022-05-17 | CVE-2022-30953 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Blue Ocean A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. | 6.5 |
| 2022-05-17 | CVE-2022-30954 | Missing Authorization vulnerability in Jenkins Blue Ocean Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | 6.5 |