Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

247 advisories

Loading
Jenkins Sumologic Publisher Plugin missing permission check Moderate
CVE-2023-37959 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins Benchmark Evaluator Plugin missing permission check Moderate
CVE-2023-37963 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
Jenkins ElasticBox CI Plugin missing permission check Moderate
CVE-2023-37965 was published for org.jenkins-ci.plugins:elasticbox (Maven) Jul 12, 2023
Jenkins mabl Plugin missing permission check Moderate
CVE-2023-37953 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
Jenkins Test Results Aggregator Plugin missing permission check Moderate
CVE-2023-37956 was published for org.jenkins-ci.plugins:test-results-aggregator (Maven) Jul 12, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission check Moderate
CVE-2023-37945 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) Jul 12, 2023
Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint. Moderate
CVE-2023-37944 was published for org.datadog.jenkins.plugins:datadog (Maven) Jul 12, 2023
Jenkins mabl Plugin missing permission check Moderate
CVE-2023-37950 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
Jenkins Orka by MacStadium Plugin missing permission check Moderate
CVE-2023-37949 was published for io.jenkins.plugins:macstadium-orka (Maven) Jul 12, 2023
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation Moderate
CVE-2023-3315 was published for org.jenkins-ci.plugins:teamconcert (Maven) Jun 19, 2023
Jenkins Digital.ai App Management Publisher Plugin missing permission checks Moderate
CVE-2023-35149 was published for org.jenkins-ci.plugins:ease-plugin (Maven) Jun 14, 2023
Jenkins Thycotic Secret Server Plugin missing permissions check Moderate
CVE-2023-30518 was published for io.jenkins.plugins:thycotic-secret-server (Maven) Apr 12, 2023
Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication Moderate
CVE-2023-30519 was published for org.jenkins-ci.plugins:quayio-trigger (Maven) Apr 12, 2023
Jenkins Assembla merge request builder Plugin missing authentication to access endpoint Moderate
CVE-2023-30521 was published for org.jenkins-ci.plugins:assembla-merge-request-builder (Maven) Apr 12, 2023
Jenkins Fogbugz Plugin has missing permissions check Moderate
CVE-2023-30522 was published for org.jenkins-ci.plugins:fogbugz (Maven) Apr 12, 2023
Jenkins Report Portal Plugin missing permissions check Moderate
CVE-2023-30526 was published for org.jenkins-ci.plugins:reportportal (Maven) Apr 12, 2023
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook Moderate
CVE-2023-30532 was published for org.jenkinsci.plugins.spoonscript:spoonscript (Maven) Apr 12, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections Moderate
CVE-2023-28675 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration Moderate
CVE-2023-28673 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture Moderate
CVE-2023-28672 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25768 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25766 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing permission checks in Jenkins Orka Plugin allow capturing credentials Moderate
CVE-2023-24433 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Missing permissions check in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24438 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API