Jenkins Octoperf Load Testing vulnerabilities

5 known vulnerabilities affecting jenkins/octoperf_load_testing.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4

Vulnerabilities

CVE-2023-28674 | HIGH | CVSS 8.8 | ≤ 4.5.2 | 2023-04-02
CVE-2023-28674 [HIGH] CWE-352: A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.
nvd
CVE-2023-28671 | MEDIUM | CVSS 4.3 | ≤ 4.5.0 | 2023-04-02
CVE-2023-28671 [MEDIUM] CWE-352: A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
nvd
CVE-2023-28673 | MEDIUM | CVSS 4.3 | ≤ 4.5.2 | 2023-04-02
CVE-2023-28673 [MEDIUM] CWE-862: A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
nvd
CVE-2023-28675 | MEDIUM | CVSS 4.3 | ≤ 4.5.2 | 2023-04-02
CVE-2023-28675 [MEDIUM] CWE-862: A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.
nvd
CVE-2023-28672 | MEDIUM | CVSS 6.5 | ≤ 4.5.1 | 2023-04-02
CVE-2023-28672 [MEDIUM] CWE-862: Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
nvd