Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.
CVSS Score
6.5
EPSS Score
0.01
Published
2023-01-26
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-01-26
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-01-26
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
9.8
EPSS Score
0.012
Published
2023-01-26
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
CVSS Score
9.8
EPSS Score
0.011
Published
2023-01-26
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
CVSS Score
6.1
EPSS Score
0.007
Published
2023-01-26
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-01-26
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.
CVSS Score
8.8
EPSS Score
0.005
Published
2023-01-26
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-01-26
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVSS Score
4.3
EPSS Score
0.012
Published
2023-01-26


Contact Us

Shodan ® - All rights reserved