3 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3000 • CWE-384: Session Fixation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. Jenkins CAS Plugin versiones 1.6.0 y anteriores determina inapropiadamente que una URL de redireccionamiento después del inicio de sesión está apuntando legítimamente a Jenkins, permitiendo a atacantes llevar a cabo ataques de phishing • http://www.openwall.com/lists/oss-security/2021/06/30/1 https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2387 •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Existe una vulnerabilidad Server-Side Request Forgery en el plugin CAS en versiones 1.4.1 y anteriores de Jenkins en CasSecurityRealm.java que permite que los atacantes con acceso Overall/Read provoquen que Jenkins envíe una petición GET a un URL específico. • https://jenkins.io/security/advisory/2018-06-04/#SECURITY-809 • CWE-918: Server-Side Request Forgery (SSRF) •