Lucene search
K

106 matches found

BDU FSTEC
BDU FSTEC
added 2024/02/02 12:0 a.m.8 views

The vulnerability of the Jenkins GitLab Branch Source Plugin, related to deficiencies in authentication procedures, allows attackers to gain unauthorized access to confidential information.

The vulnerability of the Jenkins GitLab Branch Source Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to confidential information...

5.3CVSS5.9AI score0.005EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2024/01/24 6:15 p.m.34 views

CVE-2024-23901

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

6.5CVSS6.2AI score0.00458EPSS
Exploits0References2
NVD
NVD
added 2024/01/24 6:15 p.m.35 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.3CVSS5AI score0.005EPSS
Exploits0References2
OSV
OSV
added 2024/01/24 6:15 p.m.1 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.3CVSS5.8AI score0.005EPSS
Exploits0References2
OSV
OSV
added 2024/01/24 6:15 p.m.5 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS5.7AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2024/01/24 6:15 p.m.33 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS4.4AI score0.00323EPSS
Exploits0References2
Prion
Prion
added 2024/01/24 6:15 p.m.24 views

Information disclosure

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

6.4CVSS6.7AI score0.00458EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/24 5:52 p.m.15 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

6.4AI score0.005EPSS
Exploits0References2
CVE
CVE
added 2024/01/24 5:52 p.m.83 views

CVE-2024-23903

CVE-2024-23903 affects Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier, which uses a non-constant time comparison for validating webhook tokens. This non-constant-time check can enable attackers to infer a valid webhook token via statistical analysis. The connected GitHub advi...

5.3CVSS5.3AI score0.005EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/24 5:52 p.m.31 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.7AI score0.005EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/24 5:52 p.m.35 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

5.2AI score0.00323EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/01/24 5:52 p.m.25 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.3CVSS6.9AI score0.005EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/01/24 5:52 p.m.30 views

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS7AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2024/01/24 5:52 p.m.68 views

CVE-2024-23901

The CVE concerns Jenkins GitLab Branch Source Plugin versions 684.vea_fa_7c1e2fe3 and earlier. The vulnerability is that the plugin unconditionally discovers projects shared with the configured owner group, enabling attackers to configure and share a project, which can cause Jenkins to build a cr...

6.5CVSS6.3AI score0.00458EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/24 5:52 p.m.34 views

CVE-2024-23901

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

6.6AI score0.00458EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/01/24 5:52 p.m.33 views

CVE-2024-23901

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

6.5CVSS6.9AI score0.00458EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.3 views

PT-2024-1426 · Jenkins +1 · Jenkins Gitlab Branch Source Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Branch Source Plugin versions 684.vea fa 7c1e2fe3 and earlier Description: The issue is related to the use of a non-constant time comparison function when checking whether the provided and expected webhook token are equal. This...

5.3CVSS6.4AI score0.005EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.3 views

PT-2024-1424 · Jenkins +1 · Jenkins Gitlab Branch Source Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Branch Source Plugin versions 684.vea fa 7c1e2fe3 and earlier Description: The issue is related to insufficient access control in the Jenkins GitLab Branch Source Plugin. This allows attackers to configure and share a project,...

6.5CVSS6.6AI score0.00458EPSS
Exploits0References11
Fedora
Fedora
added 2023/12/06 1:47 a.m.9 views

[SECURITY] Fedora 38 Update: rust-gst-plugin-reqwest-0.11.1-2.fc38

GStreamer reqwest HTTP Source Plugin...

7.4AI score
Exploits0
Fedora
Fedora
added 2023/12/06 1:40 a.m.11 views

[SECURITY] Fedora 39 Update: rust-gst-plugin-reqwest-0.11.1-2.fc39

GStreamer reqwest HTTP Source Plugin...

7.4AI score
Exploits0
Rows per page
Query Builder