Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2023-37944 Missing Authorization vulnerability in Jenkins Datadog
A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2023-07-12 CVE-2023-37945 Missing Authorization vulnerability in Jenkins Saml Single Sign on 2.1.0/2.2.0/2.3.0
A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.
network
low complexity
jenkins CWE-862
4.3
2023-07-12 CVE-2023-37947 Open Redirect vulnerability in Jenkins Openshift Login
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
network
low complexity
jenkins CWE-601
6.1
2023-07-12 CVE-2023-37950 Missing Authorization vulnerability in Jenkins Mabl
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2023-07-12 CVE-2023-37951 Insufficiently Protected Credentials vulnerability in Jenkins Mabl
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
network
low complexity
jenkins CWE-522
6.5
2023-07-12 CVE-2023-37952 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mabl
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
6.5
2023-07-12 CVE-2023-37953 Missing Authorization vulnerability in Jenkins Mabl
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2023-07-12 CVE-2023-37954 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rebuilder
A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.
network
low complexity
jenkins CWE-352
4.3
2023-07-12 CVE-2023-37955 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Test Results Aggregator
A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
6.5
2023-07-12 CVE-2023-37956 Missing Authorization vulnerability in Jenkins Test Results Aggregator
A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-862
6.5