CVE-2023-39153

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-39153

CVE-2023-39153 is a CSRF vulnerability in Jenkins GitLab Authentication Plugin versions ≤ 1.17.1. The flaw allows an attacker to lure a logged-in user into authenticating to the attacker’s account, via a crafted request, effectively abusing the OAuth flow. The root cause is the plugin’s lack of a...

CVE-2023-39153

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

The vulnerability of the Jenkins SAML Single Sign On (SSO) plugin, which stems from the lack of SSL/TLS certificate verification, allows attackers to disclose sensitive information.

The vulnerability of the Jenkins SAML Single Sign On SSO plugin is related to the lack of SSL/TLS certificate verification. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

org.jenkins-ci.plugins:reverse-proxy-auth-plugin (>=1.3.3 <=1.6.3) potentially affected by CVE-2023-32978 via org.jenkins-ci.plugins:ldap (=1.8)

org.jenkins-ci.plugins:ldap MAVEN version =1.8 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ldap and may be impacted: - org.jenkins-ci.plugins:reverse-proxy-auth-plugin =1.3.3, =1.6.3 Source cves: CVE-2023-32978 Source advisor...

SUSE CVE-2022-21457

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-24424

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-24424

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login...

PT-2023-19616 · Jenkins · Jenkins Keycloak Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier Description: The issue arises because the plugin does not invalidate the previous session on login, which could lead to security concerns. Recommendations: For versions 2.3.0 a...

CVE-2023-24424

CVE-2023-24424 affects the Jenkins OpenId Connect Authentication Plugin (versions 2.4 and earlier). The vulnerability arises because the plugin does not invalidate an existing session on login, enabling potential unauthorized access via social engineering or session fixation. Reported impact is h...

CVE-2023-24457

CVE-2023-24457 describes a CSRF vulnerability in the Jenkins Keycloak Authentication Plugin (versions

CVE-2023-24456

CVE-2023-24456 affects Jenkins Keycloak Authentication Plugin 2.3.0 and earlier. The issue: login does not invalidate the previous session, enabling session fixation. Impact noted as high/critical (CVSS 3.1 base 9.8). Affected versions: 2.3.0 and earlier. Remediation guidance in connected docs: u...

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

Moodle 输入验证错误漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle Plugin SAML Auth, which stems from allowing redirects to be opened via unspecified vectors...

CVE-2022-45073 WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in REST API Authentication plugin = 2.4.0 on WordPress...