Security Vulnerabilities - CVEs Published In August 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-08-16
Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.
CVSS Score
5.4
EPSS Score
0.038
Published
2023-08-16
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-16
A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-08-16
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-16
Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-08-16
Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-08-16
Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-08-16
Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-08-16
Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-08-16