CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. • http://www.openwall.com/lists/oss-security/2023/08/16/3 • https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3201 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. • http://www.openwall.com/lists/oss-security/2022/03/15/2 • https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites. • http://www.securityfocus.com/bid/101946 • https://jenkins.io/security/advisory/2017-06-06 • CWE-862: Missing Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification. • http://www.securityfocus.com/bid/101943 • https://jenkins.io/security/advisory/2017-06-06 • CWE-352: Cross-Site Request Forgery (CSRF)