Security
Headlines
HeadlinesLatestCVEs

Tag

#oauth

CVE-2023-37959: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

CVE
#csrf#vulnerability#mac#git#java#oracle#perl#ssrf#oauth#auth#ssh#ssl
CVE-2023-37946: Jenkins Security Advisory 2023-07-12

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.

CVE-2023-37954: Jenkins Security Advisory 2023-07-12

A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.

CVE-2023-37947: Jenkins Security Advisory 2023-07-12

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

CVE-2023-37953: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-37960: Jenkins Security Advisory 2023-07-12

Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems.

CVE-2023-37956: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

CVE-2023-37950: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2023-37963: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.

Red Hat Security Advisory 2023-4030-01

Red Hat Security Advisory 2023-4030-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.