Lucene search
+L

109 matches found

bdu_fstec
bdu_fstec
added 2024/02/02 12:0 a.m.12 views

The vulnerability of the Jenkins GitLab Branch Source Plugin, related to deficiencies in authentication procedures, allows attackers to gain unauthorized access to confidential information.

The vulnerability of the Jenkins GitLab Branch Source Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to confidential information...

5.3CVSS5.9AI score0.005EPSS
Exploits0References5Affected Software2
bdu_fstec
bdu_fstec
added 2024/02/02 12:0 a.m.7 views

The vulnerability of the Jenkins GitLab Branch Source Plugin, related to the manipulation of cross-site requests, allows a perpetrator to perform CSRF attacks.

The vulnerability of the Jenkins GitLab Branch Source Plugin is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

5CVSS5.2AI score0.00323EPSS
Exploits0References4Affected Software2
bdu_fstec
bdu_fstec
added 2024/02/02 12:0 a.m.6 views

The vulnerability of the Jenkins GitLab Branch Source Plugin, related to access control deficiencies, allows attackers to configure and jointly use arbitrary projects.

The vulnerability of the Jenkins GitLab Branch Source Plugin is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to configure and jointly use arbitrary projects...

6.5CVSS6.7AI score0.00458EPSS
Exploits0References5Affected Software2
github
github
added 2024/01/24 6:31 p.m.29 views

Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not use a constant-time comparison function when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. GitLab...

5.3CVSS5AI score0.005EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2024/01/24 6:15 p.m.34 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS4.4AI score0.00323EPSS
Exploits0References2
osv
osv
added 2024/01/24 6:15 p.m.5 views

CVE-2024-23901

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

6.5CVSS5.8AI score0.00458EPSS
Exploits0References2
osv
osv
added 2024/01/24 6:15 p.m.8 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS5.7AI score0.00323EPSS
Exploits0References2
nvd
nvd
added 2024/01/24 6:15 p.m.35 views

CVE-2024-23901

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

6.5CVSS6.2AI score0.00458EPSS
Exploits0References2
nvd
nvd
added 2024/01/24 6:15 p.m.37 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.3CVSS5AI score0.005EPSS
Exploits0References2
prion
prion
added 2024/01/24 6:15 p.m.26 views

Information disclosure

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

6.4CVSS6.7AI score0.00458EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2024/01/24 5:52 p.m.35 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.7AI score0.005EPSS
Exploits0References2
cvelist
cvelist
added 2024/01/24 5:52 p.m.39 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

5.2AI score0.00323EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/01/24 5:52 p.m.17 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

6.4AI score0.005EPSS
Exploits0References2
cve
cve
added 2024/01/24 5:52 p.m.85 views

CVE-2024-23903

CVE-2024-23903 affects Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier, which uses a non-constant time comparison for validating webhook tokens. This non-constant-time check can enable attackers to infer a valid webhook token via statistical analysis. The connected GitHub advi...

5.3CVSS5.3AI score0.005EPSS
Exploits0References2Affected Software1
alpinelinux
alpinelinux
added 2024/01/24 5:52 p.m.66 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS7AI score0.00323EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2024/01/24 5:52 p.m.49 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.3CVSS6.9AI score0.005EPSS
Exploits0References2
cve
cve
added 2024/01/24 5:52 p.m.70 views

CVE-2024-23901

The CVE concerns Jenkins GitLab Branch Source Plugin versions 684.vea_fa_7c1e2fe3 and earlier. The vulnerability is that the plugin unconditionally discovers projects shared with the configured owner group, enabling attackers to configure and share a project, which can cause Jenkins to build a cr...

6.5CVSS6.3AI score0.00458EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2024/01/24 5:52 p.m.37 views

CVE-2024-23901

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

6.6AI score0.00458EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2024/01/24 5:52 p.m.54 views

CVE-2024-23901

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

6.5CVSS6.9AI score0.00458EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/01/24 12:0 a.m.4 views

Jenkins Plugin GitLab Branch Source Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.7AI score0.00458EPSS
Exploits0References5
Rows per page
Query Builder