CVE-2023-33003
https://notcve.org/view.php?id=CVE-2023-33003
A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3083 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-33002
https://notcve.org/view.php?id=CVE-2023-33002
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-33001
https://notcve.org/view.php?id=CVE-2023-33001
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3077 • CWE-532: Insertion of Sensitive Information into Log File
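The Vault entry is an instance of a general rule for log masking in Jenkins: the filter that rewrites secrets to asterisks has to sit on every path by which output reaches the build log, or the path it misses prints the plaintext. The class below is an added illustration of the masking technique itself, written for this page and not taken from the HashiCorp Vault plugin or any other real plugin; the package name, class name and the sample secrets are assumptions. It uses core APIs that do exist (ConsoleLogFilter, LineTransformationOutputStream) and shows the two edge cases that bite in practice: an empty secret set (an empty regex alternation matches everywhere and would shred the log) and secrets that are prefixes of one another (the longer one must win).

```java
package io.example.masking; // hypothetical package; illustrative code, not any real plugin's

import hudson.console.ConsoleLogFilter;
import hudson.console.LineTransformationOutputStream;
import hudson.model.Run;

import java.io.IOException;
import java.io.OutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/**
 * Replaces every occurrence of a known secret in console output with asterisks.
 * Serializable so a step can hand the same filter to the agent side; a log path
 * that does not pass through decorateLogger() prints secrets in the clear.
 */
public class SecretMaskingFilter extends ConsoleLogFilter implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final String MASK = "****";

    /** Alternation of the quoted secrets, longest first; null when there is nothing to mask. */
    private final String regex;

    public SecretMaskingFilter(Collection<String> secrets) {
        String alternation = secrets.stream()
            .filter(s -> s != null && !s.isEmpty())                        // "" would match between every character
            .sorted(Comparator.comparingInt(String::length).reversed())    // "hvs.abc123" must win over "hvs.abc"
            .map(Pattern::quote)                                           // secrets are literal text, not regex
            .collect(Collectors.joining("|"));
        this.regex = alternation.isEmpty() ? null : alternation;
    }

    /** The replacement on one line, kept separate so it can be unit-tested outside Jenkins. */
    public String maskLine(String line) {
        return regex == null ? line : Pattern.compile(regex).matcher(line).replaceAll(MASK);
    }

    @Override
    public OutputStream decorateLogger(Run build, final OutputStream logger) {
        if (regex == null) {
            return logger;   // nothing to mask: do not install a filter that mangles output
        }
        return new LineTransformationOutputStream() {
            @Override
            protected void eol(byte[] b, int len) throws IOException {
                // LineTransformationOutputStream buffers until end of line, so a secret
                // written in several write() calls is still seen whole here.
                String line = new String(b, 0, len, StandardCharsets.UTF_8);
                logger.write(maskLine(line).getBytes(StandardCharsets.UTF_8));
            }
            @Override public void flush() throws IOException { logger.flush(); }
            @Override public void close() throws IOException { super.close(); logger.close(); }
        };
    }

    /** Stand-alone demonstration on constructed sample lines (no Jenkins needed). */
    public static void main(String[] args) {
        SecretMaskingFilter f = new SecretMaskingFilter(Arrays.asList("hvs.abc", "hvs.abc123", ""));
        System.out.println(f.maskLine("export VAULT_TOKEN=hvs.abc123 # leaked token"));
        // prints: export VAULT_TOKEN=**** # leaked token   (not ****123)
        System.out.println(new SecretMaskingFilter(Arrays.asList("")).maskLine("plain line"));
        // prints: plain line   (empty secret set leaves output untouched)
    }
}
```

What the advisory describes is the shape of the remaining risk: a filter like this protects only the streams returned by decorateLogger(). Output that a durable task pushes from the agent straight to the log in push mode is a separate path, and if the plugin applies its masking only on the controller-side listener, that path is unmasked. The fix is not a better regex; it is making sure every writer of the build log is wrapped.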
CVE-2023-33000
https://notcve.org/view.php?id=CVE-2023-33000
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2962 • CWE-522: Insufficiently Protected Credentials
CVE-2023-32999
https://notcve.org/view.php?id=CVE-2023-32999
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3121 • CWE-276: Incorrect Default Permissions
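Three of the entries above (the Tag Profiler CSRF, the NS-ND unmasked credentials on the configuration form, and the AppSpider missing permission check) are the same handful of Jenkins plugin mistakes: an action or form-validation method reachable by GET, no permission check before it acts, and a credential held as a plain String rather than a Secret. The descriptor below is an added example written for this page; it is not the code of any of these plugins, and the package, class, field and method names, as well as the scanner endpoint it talks to, are assumptions. It shows the vulnerable endpoint next to the hardened one so the diff is visible in one place.

```java
package io.example.scanner; // hypothetical package; illustrative code, not any real plugin's

import hudson.Extension;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

/** Hypothetical global configuration for a scanner integration with a "Test connection" button. */
@Extension
public class ScannerGlobalConfig extends GlobalConfiguration {

    private String serverUrl;
    private String username;
    // hudson.util.Secret is stored encrypted in config.xml and, bound to an
    // <f:password field="password"/> control in config.jelly, is rendered masked.
    // A plain String bound to <f:textbox/> is shown in clear to anyone who can
    // open the form, which is the CWE-522 case above.
    private Secret password;

    public ScannerGlobalConfig() {
        load();
    }

    public String getServerUrl() { return serverUrl; }
    public String getUsername() { return username; }
    public Secret getPassword() { return password; }

    @DataBoundSetter public void setServerUrl(String v) { serverUrl = v; save(); }
    @DataBoundSetter public void setUsername(String v) { username = v; save(); }
    @DataBoundSetter public void setPassword(Secret v) { password = v; save(); }

    /**
     * VULNERABLE pattern. Stapler routes a plain GET to this method and nothing
     * checks who is asking: any user with Overall/Read can make the controller
     * POST credentials of their choosing to a URL of their choosing, and a
     * crafted link can make an administrator's browser trigger it (CSRF).
     */
    public FormValidation doTestConnectionUnsafe(@QueryParameter String serverUrl,
                                                 @QueryParameter String username,
                                                 @QueryParameter String password) {
        return probe(serverUrl, username, password);
    }

    /**
     * HARDENED. @POST makes Stapler reject GET, so the request must carry the
     * CSRF crumb, and checkPermission limits the call to administrators. For a
     * job-level descriptor, check Item.CONFIGURE on the @AncestorInPath Item instead.
     */
    @POST
    public FormValidation doTestConnection(@QueryParameter String serverUrl,
                                           @QueryParameter String username,
                                           @QueryParameter String password) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return probe(serverUrl, username, password);
    }

    private static FormValidation probe(String serverUrl, String username, String password) {
        JSONObject body = new JSONObject();
        body.put("username", username);
        // An <f:password> control submits the encrypted form of the value;
        // Secret.fromString() decrypts it and passes a plain value through unchanged.
        body.put("password", Secret.fromString(password).getPlainText());
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(serverUrl).openConnection();
            c.setRequestMethod("POST");
            c.setDoOutput(true);
            c.setConnectTimeout(5_000);
            c.setReadTimeout(5_000);
            c.setRequestProperty("Content-Type", "application/json");
            try (OutputStream os = c.getOutputStream()) {
                os.write(body.toString().getBytes(StandardCharsets.UTF_8));
            }
            int status = c.getResponseCode();
            return status == 200 ? FormValidation.ok("Connected")
                                 : FormValidation.error("Server returned HTTP " + status);
        } catch (IOException e) {
            return FormValidation.error(e, "Connection failed");
        }
    }
}
```

The two annotations do different jobs and both are needed: @POST (or @RequirePOST) closes the CSRF hole by forcing the crumb-protected verb, and checkPermission() closes the missing-permission hole by refusing non-administrators even when they supply a valid crumb of their own. Leaving either one out reproduces one of the advisories above.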