CVE-2023-43498 - How Jenkins File Upload Vulnerability Lets Local Attackers Intercept Your Data
In September 2023, the Jenkins team disclosed an important security vulnerability: CVE-2023-43498. This bug affects Jenkins version 2.423 and earlier, as well as LTS
CVE-2023-41943 - How Jenkins AWS CodeCommit Trigger Plugin Allowed Attackers to Clear SQS Queues
Published: June 2024
Severity: Medium (CVSS: 6.5)
Component: Jenkins AWS CodeCommit Trigger Plugin
Affected Versions: 3..12 and earlier
If you're running
CVE-2023-41945 - Jenkins Assembla Auth Plugin Authorization Bypass—Deep Dive, Exploit, and Mitigation
In September 2023, a critical security flaw was found in the Jenkins Assembla Auth Plugin (up to version 1.14). This vulnerability, now tracked as
CVE-2023-41941 - Exploiting Missing Permission Checks in Jenkins AWS CodeCommit Trigger Plugin
Jenkins is a popular automation server, heavily used for CI/CD pipelines. One of its strengths is the extensibility through hundreds of plugins. But every
CVE-2023-41940 - Exploiting Stored XSS in Jenkins TAP Plugin (Advisory, Exploit, and Mitigation Guide)
Jenkins is a widely used open-source automation server, critical for building and deploying many projects worldwide. However, plugins can sometimes introduce security holes if not