Lucene search
K
JenkinsGitlab Authentication

4 matches found

CVE
CVE
added 2023/07/26 1:54 p.m.2789 views

CVE-2023-39153

CVE-2023-39153 is a CSRF vulnerability in Jenkins GitLab Authentication Plugin versions ≤ 1.17.1. The flaw allows an attacker to lure a logged-in user into authenticating to the attacker’s account, via a crafted request, effectively abusing the OAuth flow. The root cause is the plugin’s lack of a...

5.4CVSS5.3AI score0.00608EPSS
CVE
CVE
added 2022/02/15 4:11 p.m.154 views

CVE-2022-25196

CVE-2022-25196 affects the Jenkins GitLab Authentication Plugin (1.13 and earlier). The vulnerability arises because the plugin records the HTTP Referer header as part of the URL query parameters at the start of authentication, enabling an attacker with Jenkins access to craft a login URL that re...

5.4CVSS5.6AI score0.00724EPSS
CVE
CVE
added 2022/03/15 4:45 p.m.117 views

CVE-2022-27206

CVE-2022-27206 affects Jenkins GitLab Authentication Plugin 1.13 and earlier. It stores the GitLab client secret unencrypted in the global config.xml on the Jenkins controller, enabling access to the secret by users with filesystem access. The provided connected documents do not specify an availa...

6.5CVSS6.4AI score0.00979EPSS
CVE
CVE
added 2020/07/15 5:0 p.m.80 views

CVE-2020-2228

The CVE-2020-2228 issue affects Jenkins Gitlab Authentication Plugin; versions 1.5 and earlier fail to differentiate between user names and hierarchical group names during authorization, enabling privilege escalation. The root cause is improper authorization checks when the same base name is used...

8.8CVSS8.9AI score0.01433EPSS