Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-16 | CVE-2023-33003 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins TAG Profiler A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. | 4.3 |
| 2023-05-16 | CVE-2023-33004 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins TAG Profiler A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics. | 4.3 |
| 2023-05-16 | CVE-2023-33005 | Insufficient Session Expiration vulnerability in Jenkins Wso2 Oauth 1.0 Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. | 5.4 |
| 2023-05-16 | CVE-2023-33006 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Wso2 Oauth A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. | 5.4 |
| 2023-05-16 | CVE-2023-33007 | Cross-site Scripting vulnerability in Jenkins Loadcomplete Support Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2023-05-16 | CVE-2023-32977 | Cross-site Scripting vulnerability in Jenkins Pipeline: JOB Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately. | 5.4 |
| 2023-05-16 | CVE-2023-32978 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Lightweight Directory Access Protocol A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | 4.3 |
| 2023-05-16 | CVE-2023-32979 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Email Extension Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. | 4.3 |
| 2023-05-16 | CVE-2023-32980 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Email Extension A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. | 4.3 |
| 2023-05-16 | CVE-2023-32981 | Out-of-bounds Write vulnerability in Jenkins Pipeline Utility Steps 2.13.1/2.13.2 An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content. | 8.8 |