Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-41944 | Cross-site Scripting vulnerability in Jenkins AWS Codecommit Trigger 3.0.12 Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability. | 6.1 |
| 2023-09-06 | CVE-2023-41947 | Missing Authorization vulnerability in Jenkins Frugal Testing 1.0/1.1 A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials. | 4.3 |
| 2023-08-21 | CVE-2023-4301 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Fortify A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 5.4 |
| 2023-08-21 | CVE-2023-4302 | Missing Authorization vulnerability in Jenkins Fortify A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 |
| 2023-08-21 | CVE-2023-4303 | Cross-site Scripting vulnerability in Jenkins Fortify Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability. | 6.1 |
| 2023-08-16 | CVE-2023-40337 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Folders A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. | 4.3 |
| 2023-08-16 | CVE-2023-40338 | Information Exposure Through Log Files vulnerability in Jenkins Folders Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. | 4.3 |
| 2023-08-16 | CVE-2023-40342 | Cross-site Scripting vulnerability in Jenkins Flaky Test Handler Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. | 5.4 |
| 2023-08-16 | CVE-2023-40343 | Information Exposure Through Discrepancy vulnerability in Jenkins Tuleap Authentication Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | 5.9 |
| 2023-08-16 | CVE-2023-40344 | Missing Authorization vulnerability in Jenkins Delphix A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |