Security
Headlines
HeadlinesLatestCVEs

Tag

#oauth

CVE-2023-40349: Jenkins Security Advisory 2023-08-16

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.

CVE
#xss#csrf#vulnerability#web#nodejs#js#git#java#perl#oauth#auth#docker#maven
CVE-2023-40339: Jenkins Security Advisory 2023-08-16

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.

CVE-2023-40346: Jenkins Security Advisory 2023-08-16

Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.

CVE-2023-40337: Jenkins Security Advisory 2023-08-16

A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.

CVE-2023-40344: Jenkins Security Advisory 2023-08-16

A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2023-40342: Jenkins Security Advisory 2023-08-16

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

CVE-2023-40341: Jenkins Security Advisory 2023-08-16

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

Red Hat Security Advisory 2023-4625-01

Red Hat Security Advisory 2023-4625-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Red Hat Security Advisory 2023-4623-01

Red Hat Security Advisory 2023-4623-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

Red Hat Security Advisory 2023-4624-01

Red Hat Security Advisory 2023-4624-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.