Vulnerabilities > Jenkins > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-12 | CVE-2023-30513 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Kubernetes: Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 7.5 |
2023-04-12 | CVE-2023-30514 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Azure Key Vault: Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 7.5 |
2023-04-12 | CVE-2023-30515 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Thycotic DevOps Secrets Vault 1.0.0: Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 7.5 |
2023-04-12 | CVE-2023-30525 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Report Portal: A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. | 8.8 |
2023-04-02 | CVE-2023-28674 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing: A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin 4.5.2 and earlier allows attackers to connect to a previously configured OctoPerf server using attacker-specified credentials. | 8.8 |
2023-04-02 | CVE-2023-28676 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Convert To Pipeline 1.0: A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE). | 8.8 |
2023-04-02 | CVE-2023-28680 | XXE vulnerability in Jenkins Crap4J: Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 |
2023-04-02 | CVE-2023-28681 | XXE vulnerability in Jenkins Visual Studio Code Metrics: Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.2 |
2023-04-02 | CVE-2023-28682 | XXE vulnerability in Jenkins Performance Publisher: Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.2 |
2023-04-02 | CVE-2023-28683 | XXE vulnerability in Jenkins Phabricator Differential: Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.2 |