CVE-2023-41935 - Exploiting Timing Attacks in Jenkins Azure AD Plugin (396.v86ce29279947 and Earlier)
Jenkins is a widely used automation server for building, testing, and deploying software projects. With countless plugins for integration, security is always a top concern.
CVE-2023-41931 - Exploiting Jenkins Job Configuration History Plugin XSS Vulnerability (Detailed Walkthrough)
Jenkins is one of the most widely used open-source automation servers for continuous integration and continuous delivery (CI/CD). Plugins expand Jenkins features but
CVE-2023-40743 - Dangerous Service Lookups in Apache Axis 1.x Can Lead to RCE, SSRF, and DOS
In August 2023, a high-impact vulnerability was disclosed affecting applications based on Apache Axis 1.x, a Java-based SOAP engine. Identified as CVE-
CVE-2023-40826 - Exploiting the pf4j `zipPluginPath` Vulnerability for Remote Code Execution
*CVE-2023-40826* shines a spotlight on a dangerous security weakness found in the pf4j plugin system, specifically versions up to 3.9.. With this
CVE-2023-40827 - Remote Code Execution & Information Leak in PF4J via `loadpluginPath` Parameter
On August 2023, a serious security vulnerability was discovered in PF4J (v.3.9. and prior), a popular Java plugin framework. Identified as CVE-2023-
Episode
00:00:00
00:00:00