CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

Tenable Nessus•added 2023/09/07 12:0 a.m.•57 views

Jenkins plugins Multiple Vulnerabilities (2023-09-06)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a histo...

8.8CVSS6.7AI score0.06937EPSS

Exploits0References20

NVD•added 2023/09/06 1:15 p.m.•18 views

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

4.3CVSS5AI score0.00056EPSS

Exploits0References2

OSV•added 2023/09/06 1:15 p.m.•2 views

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

4.3CVSS5.7AI score0.00056EPSS

Exploits0References2

Prion•added 2023/09/06 1:15 p.m.•16 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

4.3CVSS4.6AI score0.00056EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/09/06 12:9 p.m.•11 views

CVE-2023-41944

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...

6.7AI score0.002EPSS

Exploits0References2

CVE•added 2023/09/06 12:9 p.m.•103 views

CVE-2023-41944

CVE-2023-41944 concerns the Jenkins AWS CodeCommit Trigger Plugin (versions

6.1CVSS6.2AI score0.002EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/09/06 12:9 p.m.•18 views

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

5.3AI score0.00056EPSS

Exploits0References2

Vulnrichment•added 2023/09/06 12:9 p.m.•11 views

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

6.7AI score0.00056EPSS

Exploits0References2

Cvelist•added 2023/09/06 12:8 p.m.•16 views

CVE-2023-41941

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins...

5.2AI score0.00088EPSS

Exploits0References2

AlpineLinux•added 2023/09/06 12:8 p.m.•44 views

CVE-2023-41941

4.3CVSS6.7AI score0.00088EPSS

Exploits0References2

Vulnrichment•added 2023/09/06 12:8 p.m.•15 views

CVE-2023-41941

6.4AI score0.00088EPSS

Exploits0References2

Positive Technologies•added 2023/09/06 12:0 a.m.•2 views

PT-2023-28181 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: The issue arises from a lack of permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. This can be exploited...

6.5CVSS6.2AI score0.00078EPSS

Exploits0References7

Vulnrichment•added 2023/06/14 12:53 p.m.•59 views

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

7AI score0.00562EPSS

Exploits0References2

Positive Technologies•added 2023/06/14 12:0 a.m.•3 views

PT-2023-25166 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: The issue allows attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system due to the lack of restriction...

6.5CVSS6.7AI score0.00562EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by