Vulnerabilities > Jenkins > Blue Ocean > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-16 | CVE-2023-40341 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Blue Ocean A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. | 8.8 |
| 2017-10-05 | CVE-2017-1000106 | Improper Authentication vulnerability in Jenkins Blue Ocean Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. | 8.5 |