Jenkins Project Jenkins Elasticbox Ci Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_elasticbox_ci_plugin.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2LOW1
Vulnerabilities
Page 1 of 1
CVE-2023-37964HIGHCVSS 8.8≤ 5.0.12023-07-12
CVE-2023-37964 [HIGH] CWE-352 CVE-2023-37964: A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
cvelistv5nvd
CVE-2023-37965HIGHCVSS 7.1≤ 5.0.12023-07-12
CVE-2023-37965 [HIGH] CWE-862 CVE-2023-37965: A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with O
A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
cvelistv5nvd
CVE-2019-10450LOWCVSS 3.3v5.0.1 and earlier2019-10-16
CVE-2019-10450 [LOW] CWE-312 CVE-2019-10450: Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration f
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
cvelistv5nvd