CVE-2023-40351
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user’s favorite views tab bar.
Source: CVE-2023-40351
[월:] 2023년 08월
CVE-2023-40347
CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
Source: CVE-2023-40347
CVE-2023-40346
CVE-2023-40346
Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.
Source: CVE-2023-40346
CVE-2023-40348
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.
Source: CVE-2023-40348
CVE-2023-40339
CVE-2023-40339
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log.
Source: CVE-2023-40339
CVE-2023-40342
CVE-2023-40342
Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.
Source: CVE-2023-40342
CVE-2023-39115
CVE-2023-39115
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
Source: CVE-2023-39115
CVE-2023-39975
CVE-2023-39975
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Source: CVE-2023-39975
CVE-2023-40336
CVE-2023-40336
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
Source: CVE-2023-40336
CVE-2023-40337
CVE-2023-40337
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
Source: CVE-2023-40337