Lucene search
K

5 matches found

NVD
NVD
added 2023/08/21 11:15 p.m.29 views

CVE-2023-4301

A cross-site request forgery CSRF vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.4CVSS4.8AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2023/08/21 10:34 p.m.288 views

CVE-2023-4301

CVE-2023-4301 is a CSRF vulnerability in Jenkins Fortify Plugin (versions 22.1.38 and earlier). The issue arises because the plugin does not perform permission checks on several HTTP endpoints and endpoints do not require POST requests. This allows attackers with Overall/Read permission to connec...

5.4CVSS5.2AI score0.00196EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/21 10:34 p.m.12 views

CVE-2023-4301 CSRF vulnerability in Fortify Plugin allow capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS6.6AI score0.00196EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2023/08/21 10:34 p.m.21 views

CVE-2023-4301

A cross-site request forgery CSRF vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.4CVSS6.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/21 10:34 p.m.40 views

CVE-2023-4301 CSRF vulnerability in Fortify Plugin allow capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS6.1AI score0.00196EPSS
Exploits0References1
Rows per page
Query Builder