10 matches found
Jenkins CSRF Vulnerability (CVE-2023-35141) - Linux
Jenkins is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Jenkins CSRF Vulnerability (CVE-2023-35141) - Windows
Jenkins is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Jenkins LTS < 2.401.1 / Jenkins weekly < 2.400 XSRF
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.401.1 or Jenkins weekly prior to 2.400. It is, therefore, affected by the following vulnerability: - In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2023-35141 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.40)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2023-35141 Source advisory: OSV:GHSA-98FP-R22G-WPJ7...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
CVE-2023-35141
CVE-2023-35141 affects Jenkins 2.399 and earlier (LTS 2.387.3 and earlier). A CSRF-like issue arises from POST requests loaded to enumerate context actions; if part of the URL includes insufficiently escaped user-provided values, a user may be tricked into sending a POST to an unintended endpoint...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
FreeBSD : jenkins -- CSRF protection bypass vulnerability (b4db7d78-bb62-4f4c-9326-6e9fc2ddd400)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b4db7d78-bb62-4f4c-9326-6e9fc2ddd400 advisory. - In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the li...