CVE-2023-50771
The vulnerability CVE-2023-50771 affects Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier. Root cause: the plugin improperly validates the redirect URL after login, allowing an attacker to redirect users to a malicious site instead of Jenkins as part of a phishing attack. Impact (per sources): poten...
PT-2023-31640 · Jenkins · Jenkins Openid Connect Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier Description: The issue allows attackers to perform phishing attacks by improperly determining that a redirect URL after login is legitimately pointing to Jenkins...
SUSE CVE-2017-7537
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...
Apache Traffic Server input validation error vulnerability
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server developed by the Apache Software Foundation of the United States. Apache Traffic Server has an input validation error vulnerability that stems from an HTTP/2 frame formatting error and is vulnerable to HTTP/2 and s3 authentication...
CVE-2023-40343
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant-time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token...
CVE-2023-40343
CVE-2023-40343 affects Jenkins Tuleap Authentication Plugin (versions 1.1.20 and earlier). The root cause is a non-constant-time comparison function when validating authentication tokens, which could allow attackers to apply statistical methods to obtain a valid token. The issue is mitigated by u...
Jenkins Plugin Tuleap Authentication security vulnerability
Jenkins and Jenkins Plugin are both open source products of Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-27401 · Jenkins · Jenkins Tuleap Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Authentication Plugin versions 1.1.20 and earlier Description: The issue concerns a non-constant-time comparison function used when validating an authentication token, allowing attackers to potentially use statistical methods t...
CVE-2023-39153
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-39153
CVE-2023-39153 is a CSRF vulnerability in Jenkins GitLab Authentication Plugin versions ≤ 1.17.1. The flaw allows an attacker to lure a logged-in user into authenticating to the attacker’s account, via a crafted request, effectively abusing the OAuth flow. The root cause is the plugin’s lack of a...
org.jenkins-ci.plugins:reverse-proxy-auth-plugin (>=1.3.3 <=1.6.3) potentially affected by CVE-2023-32978 via org.jenkins-ci.plugins:ldap (=1.8)
org.jenkins-ci.plugins:ldap MAVEN version =1.8 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ldap and may be impacted: - org.jenkins-ci.plugins:reverse-proxy-auth-plugin =1.3.3, =1.6.3 Source cves: CVE-2023-32978 Source advisor...
SUSE CVE-2022-21457
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2023-24457
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24424
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...