Jenkins Elasticbox Ci vulnerabilities

CVE-2023-37965 [HIGH] CWE-862 CVE-2023-37965: A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with O A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-37964 [HIGH] CWE-352 CVE-2023-37964: A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2019-10450 [LOW] CWE-312 CVE-2019-10450: Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration f Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.