CVE-2023-40344 - How a Simple Permission Check Failure in Jenkins Delphix Plugin Exposes Credential IDs
In the fast-moving world of DevOps, Jenkins plugins play a big role in extending core functionality. But sometimes, even a small oversight in plugin code
CVE-2023-40350 - Jenkins Docker Swarm Plugin XSS Vulnerability Explained
In August 2023, a critical security flaw (CVE-2023-40350) was discovered in the Jenkins Docker Swarm Plugin. If you use Jenkins with Docker Swarm and haven’
CVE-2023-40348 - Inside Jenkins Gogs Plugin Info Disclosure Flaw (With Exploit Example)
CVE-2023-40348 is an information disclosure vulnerability found in the Jenkins Gogs Plugin, specifically versions 1..15 and earlier. This issue gives unauthenticated attackers the ability
CVE-2023-40339 - How Jenkins Config File Provider Plugin Leaks Plaintext Credentials in Build Logs
Date Discovered: August 16, 2023
Affected Plugin: Jenkins Config File Provider Plugin
Impacted Versions: 952.va_544a_6234b_46 and earlier
TL;DR
A serious
CVE-2023-40347 - How a Jenkins Plugin Flaw Leaked Credentials – Explained Simply
In September 2023, the CVE-2023-40347 vulnerability was published, impacting the popular Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin versions 1.14 and earlier. This bug is