Security Vulnerabilities - CVEs Published In August 2023
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2023-08-16
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.
CVSS Score: 5.4 | EPSS Score: 0.022 | Published: 2023-08-16
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
CVSS Score: 4.3 | EPSS Score: 0.0 | Published: 2023-08-16
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
CVSS Score: 9.8 | EPSS Score: 0.02 | Published: 2023-08-16
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
CVSS Score: 8.8 | EPSS Score: 0.012 | Published: 2023-08-16
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2023-08-16
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-08-16
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-08-16
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-08-16
Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-08-16

