4 matches found
CVE-2023-35148
A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...
CVE-2023-35148
CVE-2023-35148 refers to a CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin (version 2.6 and earlier). The core issue is missing permission checks across several HTTP endpoints, allowing an attacker with Overall/Read permission to cause the controller to connect to an atta...
CVE-2023-35148
A cross-site request forgery CSRF vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins...