Vulnerabilities > Jenkins

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-07-12 | CVE-2023-37958 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sumologic Publisher | A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-07-12 | CVE-2023-37959 | Missing Authorization vulnerability in Jenkins Sumologic Publisher | A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | network | low complexity | jenkins | CWE-862 | 6.5 |
| 2023-07-12 | CVE-2023-37960 | Path Traversal vulnerability in Jenkins Mathworks Polyspace | Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. | network | low complexity | jenkins | CWE-22 | 6.5 |
| 2023-07-12 | CVE-2023-37961 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Assembla | A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-07-12 | CVE-2023-37962 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator 1.0.0/1.0.1 | A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-07-12 | CVE-2023-37963 | Missing Authorization vulnerability in Jenkins Benchmark Evaluator 1.0.0/1.0.1 | A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | network | low complexity | jenkins | CWE-862 | 5.4 |
| 2023-07-12 | CVE-2023-37964 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Elasticbox CI | A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-07-12 | CVE-2023-37965 | Missing Authorization vulnerability in Jenkins Elasticbox CI | A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low complexity | jenkins | CWE-862 | 7.1 |
| 2023-06-19 | CVE-2023-3315 | Missing Authorization vulnerability in Jenkins Team Concert | Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | network | low complexity | jenkins | CWE-862 | 4.3 |
| 2023-06-14 | CVE-2023-35141 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins | In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. | network | low complexity | jenkins | CWE-352 | 8.0 |