Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2023-37951 Insufficiently Protected Credentials vulnerability in Jenkins Mabl
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
network
low complexity
jenkins CWE-522
6.5
6.5
2023-07-12 CVE-2023-37952 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mabl
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
6.5
6.5
2023-07-12 CVE-2023-37953 Missing Authorization vulnerability in Jenkins Mabl
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
6.5
2023-07-12 CVE-2023-37954 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rebuilder
A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.
network
low complexity
jenkins CWE-352
4.3
4.3
2023-07-12 CVE-2023-37955 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Test Results Aggregator
A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
6.5
6.5
2023-07-12 CVE-2023-37956 Missing Authorization vulnerability in Jenkins Test Results Aggregator
A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-862
6.5
6.5
2023-07-12 CVE-2023-37959 Missing Authorization vulnerability in Jenkins Sumologic Publisher
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
network
low complexity
jenkins CWE-862
6.5
6.5
2023-07-12 CVE-2023-37960 Path Traversal vulnerability in Jenkins Mathworks Polyspace
Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems.
network
low complexity
jenkins CWE-22
6.5
6.5
2023-07-12 CVE-2023-37963 Missing Authorization vulnerability in Jenkins Benchmark Evaluator 1.0.0/1.0.1
A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.
network
low complexity
jenkins CWE-862
5.4
5.4
2023-06-19 CVE-2023-3315 Missing Authorization vulnerability in Jenkins Team Concert
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
network
low complexity
jenkins CWE-862
4.3
4.3