9 matches found
CVE-2018-1000188
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...
EUVD-2022-2055
Malicious code in bioql PyPI...
EUVD-2023-1559
Malicious code in bioql PyPI...
CVE-2023-32997
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login...
CVE-2021-21673
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks...
CVE-2023-32997
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login...
PT-2023-24128 · Jenkins · Jenkins Cas Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CAS Plugin versions 1.6.2 and earlier Description: The issue allows attackers to use social engineering techniques to gain administrator access to Jenkins because the previous session is not invalidated on login. Recommendations: For...
Jenkins CAS Plugin Input Validation Error Vulnerability
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . An input validation error vulnerability exists in Jenkins CAS Plugin 1.6.0 and earlier versions, which stems from Jenki...
CVE-2021-21673
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks...