CVE-2023-32996

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-sp ...

Continue Reading

May 16, 2023

CVE-2023-32992

Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the r ...

Continue Reading

May 16, 2023

CVE-2023-33007

Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Config ...

Continue Reading

May 16, 2023

CVE-2023-32998

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payl ...

Continue Reading

May 16, 2023

CVE-2023-32993

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused usin ...

Continue Reading

May 16, 2023

CVE-2023-33004

A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.Read More ...

Continue Reading

May 16, 2023

CVE-2023-32997

Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.Read More ...

Continue Reading

May 16, 2023

CVE-2023-33000

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and captur ...

Continue Reading

May 16, 2023

1 57,320 57,321 57,322 57,323 57,324 79,322

Back to Main
Subscribe for the latest news: