CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40339 – jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin
https://notcve.org/view.php?id=CVE-2023-40339
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090 https://access.redhat.com/security/cve/CVE-2023-40339 https://bugzilla.redhat.com/show_bug.cgi?id=2232423 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40338 – jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin
https://notcve.org/view.php?id=CVE-2023-40338
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller file system. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109 https://access.redhat.com/security/cve/CVE-2023-40338 https://bugzilla.redhat.com/show_bug.cgi?id=2232426 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40337 – jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin
https://notcve.org/view.php?id=CVE-2023-40337
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105 https://access.redhat.com/security/cve/CVE-2023-40337 https://bugzilla.redhat.com/show_bug.cgi?id=2232425 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40336 – jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts
https://notcve.org/view.php?id=CVE-2023-40336
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. A flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106 https://access.redhat.com/security/cve/CVE-2023-40336 https://bugzilla.redhat.com/show_bug.cgi?id=2232424 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3442 – Missing Authorization in Jenkins plug-in for ServiceNow DevOps
https://notcve.org/view.php?id=CVE-2023-3442
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. • https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1434119 • CWE-862: Missing Authorization •