25 matches found

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-2209

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.9, EPSS 0.00221
Exploits 0, References 4

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-0753

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.7, EPSS 0.00272
Exploits 0, References 5

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-2179

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00263
Exploits 0, References 4

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-2194

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.6, EPSS 0.00214
Exploits 0, References 4

EUVD
added 2025/10/03 8:07 p.m., 11 views

EUVD-2022-4664

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.9, EPSS 0.00528
Exploits 0, References 5

EUVD
added 2025/10/03 8:07 p.m., 9 views

EUVD-2022-3817

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.9, EPSS 0.00031
Exploits 0, References 5

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2022-5847

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.9, EPSS 0.00031
Exploits 0, References 4

RedhatCVE
added 2025/05/23 12:04 a.m., 3 views

CVE-2022-25188

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...

CVSS 4.3, AI score 6.7, EPSS 0.00272
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:02 p.m., 10 views

CVE-2020-2203

A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs...

CVSS 4.3, AI score 6.7, EPSS 0.00528
Exploits 0

BDU FSTEC
added 2023/10/14 12:00 a.m., 2 views

The vulnerability of the Jenkins Fortify Plugin relates to the lack of protective measures for website structures, allowing attackers to perform HTML injections.

The vulnerability of the Jenkins Fortify Plugin is related to the lack of security measures for website structures. Exploiting this vulnerability allows a malicious actor to perform HTML injection remotely...

CVSS 6.4, AI score 6.3, EPSS 0.00263
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2023/10/14 12:00 a.m., 1 view

The vulnerability of the Jenkins Fortify Plugin, related to authentication errors, allows a hacker to gain access to another user’s session.

The vulnerability of the Jenkins Fortify Plugin is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to gain access to another user’s session...

CVSS 4.3, AI score 5.5, EPSS 0.00221
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2023/10/14 12:00 a.m., 1 view

The vulnerability of the Jenkins Fortify Plugin, related to insufficient validation of the authenticity of executed requests, allows an attacker to perform a CSRF attack.

The vulnerability of the Jenkins Fortify Plugin is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

CVSS 6.4, AI score 5.8, EPSS 0.00214
Exploits 0, References 2, Affected Software 1

OSV
added 2023/08/21 11:15 p.m., 2 views

CVE-2023-4303

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability...

CVSS 6.1, AI score 6.4, EPSS 0.00263
Exploits 0, References 1

NVD
added 2023/08/21 11:15 p.m., 20 views

CVE-2023-4302

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4.3, AI score 4.4, EPSS 0.00221
Exploits 0, References 1

OSV
added 2023/08/21 11:15 p.m., 3 views

CVE-2023-4302

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits 0, References 1

NVD
added 2023/08/21 11:15 p.m., 15 views

CVE-2023-4301

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 5.4, AI score 4.8, EPSS 0.00214
Exploits 0, References 1

Prion
added 2023/08/21 11:15 p.m., 16 views

Design/Logic Flaw

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4, AI score 4.4, EPSS 0.00221
Exploits 0, References 1, Affected Software 1

Prion
added 2023/08/21 11:15 p.m., 17 views

Cross-site request forgery (CSRF)

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 5.8, AI score 5.4, EPSS 0.00214
Exploits 0, References 1, Affected Software 1

AlpineLinux
added 2023/08/21 10:34 p.m., 20 views

CVE-2023-4301

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 5.4, AI score 6.8, EPSS 0.00214
Exploits 0, References 1

AlpineLinux
added 2023/08/21 10:34 p.m., 20 views

CVE-2023-4302

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4.3, AI score 6.7, EPSS 0.00221
Exploits 0, References 1