CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jenkins: >> Cas >> 1.4.0 Security Vulnerabilities

CVE-2023-32997

Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.

CVSS Score

8.8

EPSS Score

0.002

Published

2023-05-16

CVE-2021-21673

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

CVSS Score

6.1

EPSS Score

0.007

Published

2021-06-30

CVE-2018-1000188

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

CVSS Score

5.4

EPSS Score

0.0

Published

2018-06-05

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Cas >> 1.4.0 Security Vulnerabilities

Products

Pricing

Contact Us