Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2023-25766 Missing Authorization vulnerability in Jenkins Azure Credentials
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2023-02-15 CVE-2023-25768 Missing Authorization vulnerability in Jenkins Azure Credentials
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
network
low complexity
jenkins CWE-862
6.5
2023-01-26 CVE-2023-24423 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gerrit Trigger
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.
network
low complexity
jenkins CWE-352
6.5
2023-01-26 CVE-2023-24425 Unspecified vulnerability in Jenkins Kubernetes Credentials Provider
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.
network
low complexity
jenkins
6.5
2023-01-26 CVE-2023-24428 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bitbucket Oauth
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
network
low complexity
jenkins CWE-352
5.7
2023-01-26 CVE-2023-24431 Missing Authorization vulnerability in Jenkins Orka BY Macstadium
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2023-01-26 CVE-2023-24433 Missing Authorization vulnerability in Jenkins Orka BY Macstadium
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2023-01-26 CVE-2023-24435 Missing Authorization vulnerability in Jenkins Github Pull Request Builder
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2023-01-26 CVE-2023-24436 Missing Authorization vulnerability in Jenkins Github Pull Request Builder
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2023-01-26 CVE-2023-24438 Missing Authorization vulnerability in Jenkins Jira Pipeline Steps 2.0.165.V8846Cf59F3Db
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5