CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37953
https://notcve.org/view.php?id=CVE-2023-37953
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2023/07/12/2 https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3127 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37952
https://notcve.org/view.php?id=CVE-2023-37952
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2023/07/12/2 https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3127 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37951
https://notcve.org/view.php?id=CVE-2023-37951
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. • http://www.openwall.com/lists/oss-security/2023/07/12/2 https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3137%20(2) • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37950
https://notcve.org/view.php?id=CVE-2023-37950
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2023/07/12/2 https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3137%20(1) • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10283
https://notcve.org/view.php?id=CVE-2019-10283
Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. El plugin mabl de Jenkins almacena credenciales sin cifrar en archivos config.xml de tareas en el servidor maestro de Jenkins donde dichas credenciales pueden ser visualizadas por los usuarios con permisos de lectura extendidos o con acceso al sistema de archivos maestro. • http://www.openwall.com/lists/oss-security/2019/04/12/2 http://www.securityfocus.com/bid/107790 https://jenkins.io/security/advisory/2019-04-03/#SECURITY-946 • CWE-522: Insufficiently Protected Credentials •