Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2023-06-14 CVE-2023-35148 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Digital.Ai APP Management Publisher
A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
6.5
6.5
2023-06-14 CVE-2023-35149 Missing Authorization vulnerability in Jenkins Digital.Ai APP Management Publisher
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
6.5
2023-05-16 CVE-2023-2195 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Code DX
A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.
network
low complexity
jenkins CWE-352
3.5
3.5
2023-05-16 CVE-2023-2631 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Code DX
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
network
low complexity
jenkins CWE-352
4.3
4.3
2023-05-16 CVE-2023-2196 Path Traversal vulnerability in Jenkins Code DX
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.
network
low complexity
jenkins CWE-22
4.3
4.3
2023-05-16 CVE-2023-2632 Insufficiently Protected Credentials vulnerability in Jenkins Code DX
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
4.3
4.3
2023-05-16 CVE-2023-2633 Insufficiently Protected Credentials vulnerability in Jenkins Code DX
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
network
low complexity
jenkins CWE-522
4.3
4.3
2023-05-16 CVE-2023-32990 Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Azure VM Agents
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.
network
low complexity
jenkins CWE-732
6.5
6.5
2023-05-16 CVE-2023-32991 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on
A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.
network
low complexity
jenkins CWE-352
8.8
8.8
2023-05-16 CVE-2023-32992 Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Saml Single Sign on
Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.
network
low complexity
jenkins CWE-732
8.8
8.8