CVE-2023-30519
https://notcve.org/view.php?id=CVE-2023-30519
A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2849 • CWE-862: Missing Authorization
CVE-2023-30518
https://notcve.org/view.php?id=CVE-2023-30518
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2837 • CWE-862: Missing Authorization
CVE-2023-30517
https://notcve.org/view.php?id=CVE-2023-30517
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2841 • CWE-295: Improper Certificate Validation
CVE-2023-30516
https://notcve.org/view.php?id=CVE-2023-30516
Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2840 • CWE-295: Improper Certificate Validation
CVE-2023-30515
https://notcve.org/view.php?id=CVE-2023-30515
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075 • CWE-319: Cleartext Transmission of Sensitive Information