Lucene search
K

89 matches found

Prion
Prion
added 2023/05/16 5:15 p.m.20 views

Code injection

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login...

5.8CVSS5.5AI score0.00431EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/05/16 5:15 p.m.19 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...

5.8CVSS5.4AI score0.00319EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/16 4:0 p.m.11 views

CVE-2023-33006

A cross-site request forgery CSRF vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...

6.7AI score0.00319EPSS
Exploits0References1
CVE
CVE
added 2023/05/16 4:0 p.m.61 views

CVE-2023-33006

Jenkins WSO2 Oauth Plugin (1.0 and earlier) contains a CSRF vulnerability. The root cause is the plugin not implementing a proper state parameter in the OAuth flow, enabling attackers to trick users into logging in to the attacker’s account. Impact described in multiple sources (CVE-2023-33006) a...

5.4CVSS5.4AI score0.00319EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/16 4:0 p.m.32 views

CVE-2023-33006

A cross-site request forgery CSRF vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...

5.7AI score0.00319EPSS
Exploits0References1
CVE
CVE
added 2023/05/16 4:0 p.m.59 views

CVE-2023-33005

CVE-2023-33005 concerns the Jenkins WSO2 Oauth Plugin (1.0 and earlier) not invalidating a previous login session, creating a session-fixation risk. The vulnerability is described across multiple sources as allowing an attacker to reuse an existing authenticated session or trick a user into a log...

5.4CVSS5.5AI score0.00431EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.24 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....

8.8CVSS5.9AI score0.0078EPSS
Exploits0References21
Github Security Blog
Github Security Blog
added 2023/04/12 6:30 p.m.28 views

Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller as part of its configuration. This client secret can be viewed by users with access to the Jenkins controller file system. Additionally, the global...

6.5CVSS6.6AI score0.00397EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/04/12 6:15 p.m.29 views

CVE-2023-30527

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

4.3CVSS4.5AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2023/04/12 6:15 p.m.18 views

CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

6.5CVSS6.5AI score0.00397EPSS
Exploits0References2
CVE
CVE
added 2023/04/12 5:5 p.m.58 views

CVE-2023-30528

CVE-2023-30528 affects Jenkins WSO2 Oauth Plugin 1.0 and earlier. Root cause: the WSO2 Oauth client secret is stored unencrypted in the global config.xml and the global configuration form does not mask the secret, enabling observers with Jenkins controller file-system access to view the secret. I...

6.5CVSS6.4AI score0.00397EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/12 5:5 p.m.23 views

CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

6.6AI score0.00397EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/12 5:5 p.m.6 views

CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

7AI score0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/12 5:5 p.m.36 views

CVE-2023-30527

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

4.8AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/12 5:5 p.m.9 views

CVE-2023-30527

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

6.6AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.7 views

PT-2023-22755 · Jenkins · Jenkins Wso2 Oauth Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier Description: The issue concerns the storage of the WSO2 Oauth client secret in an unencrypted form within the global config.xml file on the Jenkins controller. This file can be accessed by...

4.3CVSS6.3AI score0.00323EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.7 views

Jenkins Plugin WSO2 Oauth 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00323EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/03/20 12:0 a.m.12 views

PT-2023-13987 · WordPress · Wp Oauth Server

Name of the Vulnerable Software and Affected Versions: WP OAuth Server OAuth Authentication plugin versions prior to 4.3.0 Description: The issue is related to a flawed CSRF and authorisation check when deleting a client. This could allow any authenticated users, such as subscribers, to delete...

4.3CVSS7.2AI score0.00262EPSS
Exploits2References8
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.22 views

Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...

5.7CVSS6.4AI score0.00484EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/01/26 9:18 p.m.27 views

CVE-2023-24428

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...

5.7CVSS5.5AI score0.00484EPSS
Exploits0References1
Rows per page
Query Builder