CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32988
https://notcve.org/view.php?id=CVE-2023-32988
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(1) • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32987
https://notcve.org/view.php?id=CVE-2023-32987
A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3002 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32986
https://notcve.org/view.php?id=CVE-2023-32986
Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3123 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32985
https://notcve.org/view.php?id=CVE-2023-32985
Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3125 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32984
https://notcve.org/view.php?id=CVE-2023-32984
Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •