Vulnerabilities > Jenkins > Digital AI APP Management Publisher > 1.2.4

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-14	CVE-2023-35148	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Digital.Ai APP Management Publisher A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. network low complexity jenkins CWE-352	6.5
2023-06-14	CVE-2023-35149	Missing Authorization vulnerability in Jenkins Digital.Ai APP Management Publisher A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. network low complexity jenkins CWE-862	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.