High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-12	CVE-2023-37949	Missing Authorization vulnerability in Jenkins Orka BY Macstadium A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. network low complexity jenkins CWE-862	7.1
2023-07-12	CVE-2023-37957	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline Restful API A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token. network low complexity jenkins CWE-352	8.8
2023-07-12	CVE-2023-37958	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sumologic Publisher A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. network low complexity jenkins CWE-352	8.8
2023-07-12	CVE-2023-37961	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Assembla A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account. network low complexity jenkins CWE-352	8.8
2023-07-12	CVE-2023-37962	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator 1.0.0/1.0.1 A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. network low complexity jenkins CWE-352	8.8
2023-07-12	CVE-2023-37964	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Elasticbox CI A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. network low complexity jenkins CWE-352	8.8
2023-07-12	CVE-2023-37965	Missing Authorization vulnerability in Jenkins Elasticbox CI A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. network low complexity jenkins CWE-862	7.1
2023-06-14	CVE-2023-35141	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. network low complexity jenkins CWE-352	8.0
2023-06-14	CVE-2023-35142	Improper Certificate Validation vulnerability in Jenkins Checkmarx Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. network high complexity jenkins CWE-295	8.1
2023-05-16	CVE-2023-32991	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. network low complexity jenkins CWE-352	8.8