Cas@* Security Vulnerabilities and Issues — Cas@* CVE List

Lucene search

JenkinsCas*

5 matches found

CVE•added 2021/06/30 5:15 p.m.•81 views

CVE-2021-21673

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

6.1CVSS6.3AI score0.00077EPSS

CVE•added 2024/05/23 6:15 a.m.•81 views

CVE-2024-4388

This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server

7.5CVSS7.6AI score0.00192EPSS

CVE•added 2024/05/23 6:15 a.m.•77 views

CVE-2024-4399

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack

9.1CVSS9.2AI score0.24466EPSS

CVE•added 2018/06/05 8:29 p.m.•53 views

CVE-2018-1000188

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

5.5CVSS5.3AI score0.00031EPSS

CVE•added 2023/05/16 5:15 p.m.•49 views

CVE-2023-32997

Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.

8.8CVSS8.6AI score0.00189EPSS