CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...

4.3CVSS6.7AI score0.00272EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:2 p.m.•6 views

CVE-2020-2203

A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs...

4.3CVSS6.7AI score0.00528EPSS

Exploits0

OSV•added 2023/08/22 12:31 a.m.•22 views

GHSA-3FJV-8R82-6XM9 Jenkins Fortify Plugin cross-site request forgery vulnerability

Jenkins Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials store...

4.2CVSS5.1AI score0.00214EPSS

Exploits0References4

Github Security Blog•added 2023/08/22 12:31 a.m.•19 views

Jenkins Fortify Plugin HTML injection vulnerability

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method. This results in an HTML injection vulnerability. Fortify Plugin 22.2.39 removes HTML tags from the error message...

6.1CVSS7.1AI score0.00263EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2023/08/22 12:31 a.m.•23 views

Jenkins Fortify Plugin cross-site request forgery vulnerability

5.4CVSS6.5AI score0.00214EPSS

Exploits0References4Affected Software1

OSV•added 2023/08/22 12:31 a.m.•15 views

GHSA-223M-PGCQ-F3XG Jenkins Fortify Plugin HTML injection vulnerability

4.3CVSS5.5AI score0.00263EPSS

Exploits0References4

OSV•added 2023/08/22 12:31 a.m.•16 views

GHSA-4XMF-344Q-M4CC Jenkins Fortify Plugin missing permission check

4.2CVSS4.8AI score0.00221EPSS

Exploits0References4

Github Security Blog•added 2023/08/22 12:31 a.m.•18 views

Jenkins Fortify Plugin missing permission check

4.3CVSS6.5AI score0.00221EPSS

Exploits0References4Affected Software1

OSV•added 2023/08/21 11:15 p.m.•1 views

CVE-2023-4303

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability...

6.1CVSS6.4AI score0.00263EPSS

Exploits0References1

NVD•added 2023/08/21 11:15 p.m.•19 views

CVE-2023-4302

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.4AI score0.00221EPSS

Exploits0References1

OSV•added 2023/08/21 11:15 p.m.•0 views

CVE-2023-4301

A cross-site request forgery CSRF vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.4CVSS5.7AI score

Exploits0References1

OSV•added 2023/08/21 11:15 p.m.•2 views

CVE-2023-4302

4.3CVSS5.8AI score0.00221EPSS

Exploits0References1

NVD•added 2023/08/21 11:15 p.m.•14 views

CVE-2023-4301

5.4CVSS4.8AI score0.00214EPSS

Exploits0References1

Rows per page