4 matches found
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
CVE-2023-37946
A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain...
CVE-2023-37946
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb1a20 and earlier does not invalidate the previous session on login...
CVE-2023-37946
CVE-2023-37946 concerns the Jenkins OpenShift Login Plugin (versions up to 1.1.0.227.v27e08dfb_1a_20 and earlier) where login does not invalidate the previous session, enabling session fixation. The CVSSv3.1 base score is 8.8 (HIGH) with NETWORK attack vector, user interaction required. Red Hat a...