Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-41946 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Frugal Testing 1.0/1.1
A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.
network
low complexity
jenkins CWE-352
3.5
3.5
2023-09-06 CVE-2023-41947 Missing Authorization vulnerability in Jenkins Frugal Testing 1.0/1.1
A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials.
network
low complexity
jenkins CWE-862
4.3
4.3
2023-08-21 CVE-2023-4301 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Fortify
A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
5.4
5.4
2023-08-21 CVE-2023-4302 Missing Authorization vulnerability in Jenkins Fortify
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
4.3
2023-08-21 CVE-2023-4303 Cross-site Scripting vulnerability in Jenkins Fortify
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
network
low complexity
jenkins CWE-79
6.1
6.1
2023-08-16 CVE-2023-40336 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Folders
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
network
low complexity
jenkins CWE-352
8.8
8.8
2023-08-16 CVE-2023-40337 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Folders
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
network
low complexity
jenkins CWE-352
4.3
4.3
2023-08-16 CVE-2023-40338 Information Exposure Through Log Files vulnerability in Jenkins Folders
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.
network
low complexity
jenkins CWE-532
4.3
4.3
2023-08-16 CVE-2023-40339 Unspecified vulnerability in Jenkins Config File Provider
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
network
low complexity
jenkins
7.5
7.5
2023-08-16 CVE-2023-40340 Unspecified vulnerability in Jenkins Nodejs
Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs.
network
low complexity
jenkins
7.5
7.5