89 matches found
Code injection
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-33006
A cross-site request forgery CSRF vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-33006
Jenkins WSO2 Oauth Plugin (1.0 and earlier) contains a CSRF vulnerability. The root cause is the plugin not implementing a proper state parameter in the OAuth flow, enabling attackers to trick users into logging in to the attacker’s account. Impact described in multiple sources (CVE-2023-33006) a...
CVE-2023-33006
A cross-site request forgery CSRF vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-33005
CVE-2023-33005 concerns the Jenkins WSO2 Oauth Plugin (1.0 and earlier) not invalidating a previous login session, creating a session-fixation risk. The vulnerability is described across multiple sources as allowing an attacker to reuse an existing authenticated session or trick a user into a log...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....
Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller as part of its configuration. This client secret can be viewed by users with access to the Jenkins controller file system. Additionally, the global...
CVE-2023-30527
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2023-30528
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2023-30528
CVE-2023-30528 affects Jenkins WSO2 Oauth Plugin 1.0 and earlier. Root cause: the WSO2 Oauth client secret is stored unencrypted in the global config.xml and the global configuration form does not mask the secret, enabling observers with Jenkins controller file-system access to view the secret. I...
CVE-2023-30528
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2023-30528
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2023-30527
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2023-30527
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
PT-2023-22755 · Jenkins · Jenkins Wso2 Oauth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier Description: The issue concerns the storage of the WSO2 Oauth client secret in an unencrypted form within the global config.xml file on the Jenkins controller. This file can be accessed by...
Jenkins Plugin WSO2 Oauth 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2023-13987 · WordPress · Wp Oauth Server
Name of the Vulnerable Software and Affected Versions: WP OAuth Server OAuth Authentication plugin versions prior to 4.3.0 Description: The issue is related to a flawed CSRF and authorisation check when deleting a client. This could allow any authenticated users, such as subscribers, to delete...
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24428
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...