Vulnerabilities > Jenkins > Mabl > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-07-12 | CVE-2023-37950 | Missing Authorization vulnerability in Jenkins Mabl | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | network, low complexity, jenkins, CWE-862, 4.3 |
| 2023-07-12 | CVE-2023-37951 | Insufficiently Protected Credentials vulnerability in Jenkins Mabl | Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | network, low complexity, jenkins, CWE-522, 6.5 |
| 2023-07-12 | CVE-2023-37952 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mabl | A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network, low complexity, jenkins, CWE-352, 6.5 |
| 2023-07-12 | CVE-2023-37953 | Missing Authorization vulnerability in Jenkins Mabl | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network, low complexity, jenkins, CWE-862, 6.5 |