CVE-2023-40338
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.
Source: CVE-2023-40338
CVE-2023-40340
Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs.
Source: CVE-2023-40340
CVE-2023-40341
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
Source: CVE-2023-40341
CVE-2023-40343
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
Source: CVE-2023-40343
CVE-2023-40344
A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Source: CVE-2023-40344
CVE-2023-40345
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.
Source: CVE-2023-40345
CVE-2023-32493
Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.
Source: CVE-2023-32493
CVE-2023-32487
Dell PowerScale OneFS, 8.2.x – 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.
Source: CVE-2023-32487
CVE-2023-32490
Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover.
Source: CVE-2023-32490
CVE-2023-32492
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files.
Source: CVE-2023-32492