Vulnerabilities > Jenkins > Blue Ocean > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-40341 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Blue Ocean
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
network
low complexity
jenkins CWE-352
8.8
2017-10-05 CVE-2017-1000106 Improper Authentication vulnerability in Jenkins Blue Ocean
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins.
network
low complexity
jenkins CWE-287
8.5