CVE-2023-40336 - How a Simple CSRF Bug in Jenkins Folders Plugin Lets Attackers Copy Your Folders
On August 23, 2023, a new vulnerability was disclosed affecting Jenkins, the popular open-source automation server. Registered as CVE-2023-40336, this security flaw exists in the
CVE-2023-40349 - Breaking Down the Jenkins Gogs Plugin Webhook Vulnerability
CVE-2023-40349 is a critical security flaw discovered in the Jenkins Gogs Plugin (versions 1..15 and earlier). This vulnerability allows attackers to trigger builds on
CVE-2023-40350 - Jenkins Docker Swarm Plugin XSS Vulnerability Explained
In August 2023, a critical security flaw (CVE-2023-40350) was discovered in the Jenkins Docker Swarm Plugin. If you use Jenkins with Docker Swarm and haven’
CVE-2023-40348 - Inside Jenkins Gogs Plugin Info Disclosure Flaw (With Exploit Example)
CVE-2023-40348 is an information disclosure vulnerability found in the Jenkins Gogs Plugin, specifically versions 1..15 and earlier. This issue gives unauthenticated attackers the ability
CVE-2023-40339 - How Jenkins Config File Provider Plugin Leaks Plaintext Credentials in Build Logs
Date Discovered: August 16, 2023
Affected Plugin: Jenkins Config File Provider Plugin
Impacted Versions: 952.va_544a_6234b_46 and earlier
TL;DR
A serious