Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2023-37955 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Test Results Aggregator
A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
6.5
2023-07-12 CVE-2023-37956 Missing Authorization vulnerability in Jenkins Test Results Aggregator
A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-862
6.5
2023-07-12 CVE-2023-37959 Missing Authorization vulnerability in Jenkins Sumologic Publisher
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
network
low complexity
jenkins CWE-862
6.5
2023-07-12 CVE-2023-37960 Path Traversal vulnerability in Jenkins Mathworks Polyspace
Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file system.
network
low complexity
jenkins CWE-22
6.5
2023-07-12 CVE-2023-37963 Missing Authorization vulnerability in Jenkins Benchmark Evaluator 1.0.0/1.0.1
A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.
network
low complexity
jenkins CWE-862
5.4
2023-06-19 CVE-2023-3315 Missing Authorization vulnerability in Jenkins Team Concert
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
network
low complexity
jenkins CWE-862
4.3
2023-06-14 CVE-2023-35143 Cross-site Scripting vulnerability in Jenkins Maven Repository Server
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Maven project versions in `pom.xml`.
network
low complexity
jenkins CWE-79
5.4
2023-06-14 CVE-2023-35144 Cross-site Scripting vulnerability in Jenkins Maven Repository Server
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
network
low complexity
jenkins CWE-79
5.4
2023-06-14 CVE-2023-35145 Cross-site Scripting vulnerability in Jenkins Sonargraph Integration
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2023-06-14 CVE-2023-35146 Cross-site Scripting vulnerability in Jenkins Template Workflows 41.V32D86A313B4A
Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.
network
low complexity
jenkins CWE-79
5.4