Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2023-32986 Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins File Parameters
Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
network
low complexity
jenkins CWE-732
8.8
8.8
2023-05-16 CVE-2023-32987 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth
A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
8.8
2023-05-16 CVE-2023-32988 Insufficiently Protected Credentials vulnerability in Jenkins Azure VM Agents
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-522
4.3
4.3
2023-05-16 CVE-2023-32989 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure VM Agents
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.
network
low complexity
jenkins CWE-352
8.8
8.8
2023-04-12 CVE-2023-30513 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Kubernetes
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
network
low complexity
jenkins CWE-319
7.5
7.5
2023-04-12 CVE-2023-30514 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Azure KEY Vault
Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
network
low complexity
jenkins CWE-319
7.5
7.5
2023-04-12 CVE-2023-30515 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Thycotic Devops Secrets Vault 1.0.0
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
network
low complexity
jenkins CWE-319
7.5
7.5
2023-04-12 CVE-2023-30516 Improper Certificate Validation vulnerability in Jenkins Image TAG Parameter
Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default.
network
low complexity
jenkins CWE-295
6.5
6.5
2023-04-12 CVE-2023-30517 Improper Certificate Validation vulnerability in Jenkins Neuvector vulnerability Scanner
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.
network
low complexity
jenkins CWE-295
5.3
5.3
2023-04-12 CVE-2023-30518 Missing Authorization vulnerability in Jenkins Thycotic Secret Server 1.0.0/1.0.1/1.0.2
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
4.3