Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2023
CVE-2023-39153
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-26
CVE-2023-39154
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-07-26
CVE-2023-39155
Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-07-26
CVE-2023-39156
A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-07-26
CVE-2022-43710
Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-07-26
CVE-2022-43711
Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-07-26
CVE-2022-43712
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-07-26
CVE-2022-43713
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-07-26
CVE-2023-37049
emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-26
CVE-2023-39261
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions
CVSS Score
5.2
EPSS Score
0.0
Published
2023-07-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved