Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-50765: Jenkins Security Advisory 2023-12-13

A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.

CVE
#csrf#vulnerability#web#cisco#dos#js#git#java#perl#ssrf#auth
CVE-2023-50774: Jenkins Security Advisory 2023-12-13

A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.

CVE-2023-50770: Jenkins Security Advisory 2023-12-13

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.

CVE-2023-50777: Jenkins Security Advisory 2023-12-13

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CVE-2023-50773: Jenkins Security Advisory 2023-12-13

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CVE-2023-50764: Jenkins Security Advisory 2023-12-13

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.

CVE-2023-50775: Jenkins Security Advisory 2023-12-13

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.

CVE-2023-50769: Jenkins Security Advisory 2023-12-13

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-50766: Jenkins Security Advisory 2023-12-13

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.

GHSA-g27c-w2v7-88xp: Cross Site Request Forgery in Silverpeas

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.