Lucene search
+L

89 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.22 views

CVE-2023-30527

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

4.3CVSS6.7AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:42 a.m.13 views

CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

6.5CVSS6.7AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.8 views

CVE-2023-24428

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...

5.7CVSS6.7AI score0.00484EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:15 a.m.15 views

CVE-2019-10460

Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

7.8CVSS6.5AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/16 9:20 p.m.18 views

CVE-2025-47889

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist...

9.8CVSS7.2AI score0.00616EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/05/14 9:31 p.m.16 views

Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist...

9.8CVSS7.1AI score0.00616EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/05/14 9:31 p.m.24 views

GHSA-P89H-P4PH-4VJ6 Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist...

9.8CVSS7AI score0.00616EPSS
Exploits0References2
NVD
NVD
added 2025/05/14 9:15 p.m.37 views

CVE-2025-47889

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist...

9.8CVSS0.00616EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 9:15 p.m.5 views

CVE-2025-47889

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist...

9.8CVSS5.8AI score0.00616EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/14 8:35 p.m.9 views

CVE-2025-47889

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist...

9.7AI score0.00616EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/14 8:35 p.m.49 views

CVE-2025-47889

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist...

0.00616EPSS
Exploits0References1
CVE
CVE
added 2025/05/14 8:35 p.m.102 views

CVE-2025-47889

CVE-2025-47889 affects Jenkins WSO2 Oauth Plugin 1.0 and earlier. The root cause is that authentication claims are accepted without validation by the WSO2 Oauth security realm, enabling unauthenticated logins with any username/password (including non-existent usernames). This can grant accessed c...

9.8CVSS7.5AI score0.00616EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.6 views

Jenkins plugin WSO2 Oauth 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

9.8CVSS9.3AI score0.00616EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.12 views

Jenkins plugins Multiple Vulnerabilities (2025-05-14)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Critical In WSO2 Oauth Plugin 1.0 and earlier authentication claims are accepted without validation by the WSO2 Oauth security realm. This...

9.8CVSS8.6AI score0.00616EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.12 views

PT-2025-21242 · Jenkins · Jenkins Wso2 Oauth Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier Description: The issue allows unauthenticated attackers to log in to controllers using the "WSO2 Oauth" security realm with any username and any password, including usernames that do not exis...

9.8CVSS9.5AI score0.00616EPSS
Exploits0References20
OSV
OSV
added 2025/02/25 5:48 p.m.16 views

CVE-2025-23046 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

6.3CVSS4.8AI score0.0042EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2024/09/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-9506

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery SSRF...

6.1CVSS5.8AI score0.71601EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/05/02 12:0 a.m.8 views

The vulnerability of the Jenkins WSO2 Oauth Plugin relates to incorrect session expiration times, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Jenkins WSO2 Oauth Plugin is related to an incorrect session expiration time. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

6.4CVSS5.9AI score0.00431EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.5 views

PT-2023-24583 · Liferay · Plugin For Oauth 2.0 +2

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.41 through 7.4.3.52 Liferay DXP 7.4 update 41 through 52 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect...

6.1CVSS6.1AI score0.00462EPSS
Exploits0References8
NVD
NVD
added 2023/05/16 5:15 p.m.24 views

CVE-2023-33006

A cross-site request forgery CSRF vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...

5.4CVSS5.5AI score0.00319EPSS
Exploits0References1
Rows per page
Query Builder