Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-46650 Cross-site Scripting vulnerability in Jenkins Github
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2023-10-25 CVE-2023-46651 Insufficiently Protected Credentials vulnerability in Jenkins Warnings
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
network
low complexity
jenkins CWE-522
6.5
2023-10-25 CVE-2023-46652 Missing Authorization vulnerability in Jenkins Lambdatest-Automation
A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2023-10-25 CVE-2023-46653 Cleartext Storage of Sensitive Information vulnerability in Jenkins Lambdatest-Automation
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure.
network
low complexity
jenkins CWE-312
6.5
2023-10-25 CVE-2023-46655 Link Following vulnerability in Jenkins Cloudbees CD
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.
network
low complexity
jenkins CWE-59
6.5
2023-10-25 CVE-2023-46656 Incorrect Comparison vulnerability in Jenkins Multibranch Scan Webhook Trigger
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network
low complexity
jenkins CWE-697
5.3
2023-10-25 CVE-2023-46657 Incorrect Comparison vulnerability in Jenkins Gogs
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network
low complexity
jenkins CWE-697
5.3
2023-10-25 CVE-2023-46658 Incorrect Comparison vulnerability in Jenkins Msteams Webhook Trigger 0.1.0/0.1.1
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network
low complexity
jenkins CWE-697
5.3
2023-10-25 CVE-2023-46659 Cross-site Scripting vulnerability in Jenkins Edgewall Trac
Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2023-10-25 CVE-2023-46660 Incorrect Comparison vulnerability in Jenkins Zanata
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network
low complexity
jenkins CWE-697
5.3