Vulnerabilities > Jenkins

DATE | CVE | VULNERABILITY TITLE | RISK

2023-08-16 | CVE-2023-40346 | Cross-site Scripting vulnerability in Jenkins Shortcut JOB 0.4 | network, low complexity, jenkins, CWE-79, 5.4
Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.

2023-08-16 | CVE-2023-40347 | Insufficiently Protected Credentials vulnerability in Jenkins Maven Artifact Choicelistprovider (Nexus) | network, low complexity, jenkins, CWE-522, 6.5
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

2023-08-16 | CVE-2023-40348 | Unspecified vulnerability in Jenkins Gogs | network, low complexity, jenkins, 5.3
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.

2023-08-16 | CVE-2023-40349 | Improper Initialization vulnerability in Jenkins Gogs | network, low complexity, jenkins, CWE-665, 5.3
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.

2023-08-16 | CVE-2023-40350 | Cross-site Scripting vulnerability in Jenkins Docker Swarm 1.11 | network, low complexity, jenkins, CWE-79, 5.4
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.

2023-08-16 | CVE-2023-40351 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite View | network, low complexity, jenkins, CWE-352, 4.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.

2023-07-26 | CVE-2023-3414 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Servicenow Devops | network, low complexity, jenkins, CWE-352, 6.5
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server.

2023-07-26 | CVE-2023-3442 | Missing Authorization vulnerability in Jenkins Servicenow Devops | network, low complexity, jenkins, CWE-862, 7.5
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server.

2023-07-26 | CVE-2023-39151 | Cross-site Scripting vulnerability in Jenkins | network, low complexity, jenkins, CWE-79, 5.4
Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.

2023-07-26 | CVE-2023-39152 | Always-Incorrect Control Flow Implementation vulnerability in Jenkins Gradle 2.8 | network, low complexity, jenkins, CWE-670, 6.5
Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.