Lucene search
K

10 matches found

OpenVAS
OpenVAS
added 2023/06/19 12:0 a.m.13 views

Jenkins CSRF Vulnerability (CVE-2023-35141) - Linux

Jenkins is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8CVSS8.8AI score0.0086EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/06/19 12:0 a.m.15 views

Jenkins CSRF Vulnerability (CVE-2023-35141) - Windows

Jenkins is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8CVSS8.8AI score0.0086EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/06/16 12:0 a.m.65 views

Jenkins LTS < 2.401.1 / Jenkins weekly < 2.400 XSRF

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.401.1 or Jenkins weekly prior to 2.400. It is, therefore, affected by the following vulnerability: - In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST...

8CVSS7.5AI score0.0086EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/06/14 3:30 p.m.7 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2023-35141 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.40)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2023-35141 Source advisory: OSV:GHSA-98FP-R22G-WPJ7...

8CVSS7.1AI score0.0086EPSS
Exploits0
NVD
NVD
added 2023/06/14 1:15 p.m.21 views

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

8CVSS8.7AI score0.0086EPSS
Exploits0References2
OSV
OSV
added 2023/06/14 1:15 p.m.18 views

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

8CVSS6.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/14 12:53 p.m.7 views

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

6.5AI score0.0086EPSS
Exploits0References2
CVE
CVE
added 2023/06/14 12:53 p.m.112 views

CVE-2023-35141

CVE-2023-35141 affects Jenkins 2.399 and earlier (LTS 2.387.3 and earlier). A CSRF-like issue arises from POST requests loaded to enumerate context actions; if part of the URL includes insufficiently escaped user-provided values, a user may be tricked into sending a POST to an unintended endpoint...

8CVSS7.5AI score0.0086EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/06/14 12:53 p.m.23 views

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

7.9AI score0.0086EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/14 12:0 a.m.21 views

FreeBSD : jenkins -- CSRF protection bypass vulnerability (b4db7d78-bb62-4f4c-9326-6e9fc2ddd400)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b4db7d78-bb62-4f4c-9326-6e9fc2ddd400 advisory. - In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the li...

8CVSS7.6AI score0.0086EPSS
Exploits0References3
Rows per page
Query Builder