Vulnerabilities > Jenkins
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-12 | CVE-2023-37948 | Improper Input Validation vulnerability in Jenkins Cloud Infrastructure Compute: Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks. | 3.7 |
2023-07-12 | CVE-2023-37949 | Missing Authorization vulnerability in Jenkins Orka BY Macstadium: A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 |
2023-07-12 | CVE-2023-37950 | Missing Authorization vulnerability in Jenkins Mabl: A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2023-07-12 | CVE-2023-37951 | Insufficiently Protected Credentials vulnerability in Jenkins Mabl: Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | 6.5 |
2023-07-12 | CVE-2023-37952 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mabl: A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2023-07-12 | CVE-2023-37953 | Missing Authorization vulnerability in Jenkins Mabl: A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2023-07-12 | CVE-2023-37954 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rebuilder: A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build. | 4.3 |
2023-07-12 | CVE-2023-37955 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Test Results Aggregator: A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 6.5 |
2023-07-12 | CVE-2023-37956 | Missing Authorization vulnerability in Jenkins Test Results Aggregator: A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 6.5 |
2023-07-12 | CVE-2023-37957 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline Restful API: A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token. | 8.8 |