Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-23115

Summary
Assigner-jenkins
Assigner Org ID-39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At-12 Jan, 2022 | 19:06
Updated At-03 Aug, 2024 | 03:36
Rejected At-
Credits

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jenkins
Assigner Org ID:39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At:12 Jan, 2022 | 19:06
Updated At:03 Aug, 2024 | 03:36
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.

Affected Products
Vendor
JenkinsJenkins project
Product
Jenkins batch task Plugin
Versions
Affected
  • From unspecified through 1.19 (custom)

unknown

  • From next of 1.19 before unspecified (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1025
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2022/01/12/6
mailing-list
x_refsource_MLIST
Hyperlink: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1025
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2022/01/12/6
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1025
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2022/01/12/6
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1025
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2022/01/12/6
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jenkinsci-cert@googlegroups.com
Published At:12 Jan, 2022 | 20:15
Updated At:30 Nov, 2023 | 18:42

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
Jenkins
jenkins
>>batch_task>>Versions up to 1.19(inclusive)
cpe:2.3:a:jenkins:batch_task:*:*:*:*:*:jenkins:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2022/01/12/6jenkinsci-cert@googlegroups.com
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1025jenkinsci-cert@googlegroups.com
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2022/01/12/6
Source: jenkinsci-cert@googlegroups.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1025
Source: jenkinsci-cert@googlegroups.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

351Records found
CVE-2023-4301
Matching Score-10
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-10
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.2||MEDIUM
EPSS-0.23% / 45.98%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 22:34
Updated-01 Oct, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF vulnerability in Fortify Plugin allow capturing credentials

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-fortifyJenkins Fortify Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-39153
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.34%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 13:54
Updated-23 Oct, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.

Action-Not Available
Vendor-Jenkins
Product-gitlab_authenticationJenkins GitLab Authentication Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33006
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.98%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.

Action-Not Available
Vendor-Jenkins
Product-wso2_oauthJenkins WSO2 Oauth Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-20619
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-7.1||HIGH
EPSS-0.22% / 44.37%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:05
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-bitbucket_branch_sourceJenkins Bitbucket Branch Source Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-21655
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-7.1||HIGH
EPSS-0.09% / 27.16%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 14:15
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-p4Jenkins P4 Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-21652
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.73%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 14:15
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-xray_-_test_management_for_jiraJenkins Xray - Test Management for Jira Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33005
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.

Action-Not Available
Vendor-Jenkins
Product-wso2_oauthJenkins WSO2 Oauth Plugin
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2018-1999035
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.80%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 13:00
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

Action-Not Available
Vendor-n/aJenkins
Product-inedo_buildmastern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-1999034
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.80%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 13:00
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

Action-Not Available
Vendor-n/aJenkins
Product-inedo_progetn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-1999025
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.80%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 13:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Action-Not Available
Vendor-n/aJenkins
Product-tracetronic_ecu-testn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-21686
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-8.1||HIGH
EPSS-0.35% / 56.66%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 16:30
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-1000605
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.80%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 17:00
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Action-Not Available
Vendor-n/aJenkins
Product-collabnetn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-1000174
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 6.65%
||
7 Day CHG~0.00%
Published-08 May, 2018 | 15:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.

Action-Not Available
Vendor-n/aJenkins
Product-google_loginn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-21673
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 23.55%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 16:45
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

Action-Not Available
Vendor-Jenkins
Product-casJenkins CAS Plugin
CVE-2012-6073
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.26% / 49.10%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-cloudbeesn/aJenkins
Product-jenkinsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1000409
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.11%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 23:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.

Action-Not Available
Vendor-n/aJenkins
Product-jenkinsn/a
CWE ID-CWE-384
Session Fixation
CVE-2020-2253
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 8.77%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.

Action-Not Available
Vendor-Jenkins
Product-email_extensionJenkins Email Extension Plugin
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-2146
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-7.4||HIGH
EPSS-0.03% / 8.08%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:01
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

Action-Not Available
Vendor-Jenkins
Product-macJenkins Mac Plugin
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2016-3726
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.08% / 23.40%
||
7 Day CHG-0.02%
Published-17 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CVE-2019-10372
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 16.54%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.

Action-Not Available
Vendor-Jenkins
Product-gitlab_oauthJenkins Gitlab Authentication Plugin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-10382
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.89%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.

Action-Not Available
Vendor-Jenkins
Product-vmware_lab_manager_slavesJenkins VMware Lab Manager Slaves Plugin
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-1003009
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-7.4||HIGH
EPSS-0.02% / 4.58%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 16:00
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.

Action-Not Available
Vendor-Jenkins
Product-active_directoryJenkins Active Directory Plugin
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-10334
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.11%
||
7 Day CHG~0.00%
Published-11 Jun, 2019 | 13:15
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files.

Action-Not Available
Vendor-Jenkins
Product-electricflowJenkins ElectricFlow Plugin
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-2252
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 8.61%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

Action-Not Available
Vendor-Jenkins
Product-mailerJenkins Mailer Plugin
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-2105
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.53% / 66.37%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 15:15
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2023-43500
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.72%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 16:06
Updated-24 Sep, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-build_failure_analyzerJenkins Build Failure Analyzer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-43502
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.24%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 16:06
Updated-24 Sep, 2024 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.

Action-Not Available
Vendor-Jenkins
Product-build_failure_analyzerJenkins Build Failure Analyzer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8718
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.78% / 72.70%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

Action-Not Available
Vendor-n/aJenkins
Product-mailern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-41946
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-3.5||LOW
EPSS-0.07% / 21.50%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 12:09
Updated-26 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.

Action-Not Available
Vendor-Jenkins
Product-frugal_testingJenkins Frugal Testing Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-41942
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.66%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 12:09
Updated-26 Sep, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.

Action-Not Available
Vendor-Jenkins
Product-aws_codecommit_triggerJenkins AWS CodeCommit Trigger Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-40337
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.41%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 14:32
Updated-08 Oct, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.

Action-Not Available
Vendor-Jenkins
Product-foldersJenkins Folders Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-40351
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.39%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 14:32
Updated-08 Oct, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.

Action-Not Available
Vendor-Jenkins
Product-favorite_viewJenkins Favorite View Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37954
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.39%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-06 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.

Action-Not Available
Vendor-Jenkins
Product-rebuilderJenkins Rebuilder Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37958
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.58%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-07 Nov, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-sumologic_publisherJenkins Sumologic Publisher Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37952
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.76%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-07 Nov, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-mablJenkins mabl Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37955
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.24%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-06 Nov, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-test_results_aggregatorJenkins Test Results Aggregator Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37962
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.17% / 39.08%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:53
Updated-06 Nov, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-benchmark_evaluatorJenkins Benchmark Evaluator Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37964
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.88%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:53
Updated-06 Nov, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-elasticbox_ciJenkins ElasticBox CI Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37961
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.86%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-07 Nov, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account.

Action-Not Available
Vendor-Jenkins
Product-assemblaJenkins Assembla Auth Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-23111
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.59% / 68.16%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:06
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-publish_over_sshJenkins Publish Over SSH Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35141
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8||HIGH
EPSS-0.16% / 37.71%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 12:53
Updated-02 Jan, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32980
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.25%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.

Action-Not Available
Vendor-Jenkins
Product-email_extensionJenkins Email Extension Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33003
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics.

Action-Not Available
Vendor-Jenkins
Product-tag_profilerJenkins Tag Profiler Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32989
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.11%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.

Action-Not Available
Vendor-Jenkins
Product-azure_vm_agentsJenkins Azure VM Agents Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32978
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 15:59
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-lightweight_directory_access_protocolJenkins LDAP Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32995
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.11%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

Action-Not Available
Vendor-Jenkins
Product-saml_single_sign_onJenkins SAML Single Sign On(SSO) Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32987
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.11%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-reverse_proxy_authJenkins Reverse Proxy Auth Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32991
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.70%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

Action-Not Available
Vendor-Jenkins
Product-saml_single_sign_onJenkins SAML Single Sign On(SSO) Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32998
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.62%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-appspiderJenkins AppSpider Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-20613
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Action-Not Available
Vendor-Oracle CorporationJenkins
Product-communications_cloud_native_core_automated_test_suitemailerJenkins Mailer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found