
GHSA-6f4q-f5fj-q6fc: CSRF vulnerability in Bazaar Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.


Moderate severity • GitHub Reviewed • Published Jul 26, 2023 to the GitHub Advisory Database • Updated Jul 26, 2023

Related news

CVE-2023-39152: Jenkins Security Advisory 2023-07-26

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.

CVE-2023-39151: Jenkins Security Advisory 2023-07-26

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.

CVE-2023-39156: Jenkins Security Advisory 2023-07-26

A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.

CVE-2023-39153: Jenkins Security Advisory 2023-07-26

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.

CVE-2023-39154: Jenkins Security Advisory 2023-07-26

Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-39155: Jenkins Security Advisory 2023-07-26

Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.
