CVE-2023-3414 – Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps
https://notcve.org/view.php?id=CVE-2023-3414
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. • https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1434118 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-39156
https://notcve.org/view.php?id=CVE-2023-39156
A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. • http://www.openwall.com/lists/oss-security/2023/07/26/2 • https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3095 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-39155
https://notcve.org/view.php?id=CVE-2023-39155
Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. • http://www.openwall.com/lists/oss-security/2023/07/26/2 • https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3192 • CWE-668: Exposure of Resource to Wrong Sphere
CVE-2023-39154
https://notcve.org/view.php?id=CVE-2023-39154
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2023/07/26/2 • https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3012 • CWE-863: Incorrect Authorization
CVE-2023-39153
https://notcve.org/view.php?id=CVE-2023-39153
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. • http://www.openwall.com/lists/oss-security/2023/07/26/2 • https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-2696 • CWE-352: Cross-Site Request Forgery (CSRF)