• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-24429
2023-02-04
N/A
9.8 CRITICAL
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
CVE-2023-24428
2023-02-04
N/A
5.7 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
CVE-2023-24427
2023-02-04
N/A
9.8 CRITICAL
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
CVE-2023-24426
2023-02-03
N/A
8.8 HIGH
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
CVE-2023-24425
2023-02-03
N/A
6.5 MEDIUM
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.
CVE-2023-24424
2023-02-03
N/A
8.8 HIGH
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
CVE-2023-24423
2023-02-03
N/A
6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.
CVE-2023-24422
2023-02-04
N/A
8.8 HIGH
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CVE-2023-24388
Booking Calendar, Wpdevart
Booking_calendar, Coming_soon_and_maintenance_mode, Countdown_and_countup,_woocommerce_sales_timer, Download_image_and_video_lightbox,_image_popup, Duplicate_page_or_post, Gallery, Image_and_video_gallery_with_thumbnails, Organization_chart, Poll,_survey,_questionnaire_and_voting_system, Pricing_table_builder
2023-02-17
N/A
N/A
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).
CVE-2023-24382
2023-02-22
N/A
8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.
« Previous 1 … 11,112 11,113 11,114 11,115 11,116 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE