CVE-2023-40346 - Exploiting XSS in Jenkins Shortcut Job Plugin (.4 and earlier) - Simple Explained with Code Example
Jenkins is a popular automation server used for continuous integration and delivery (CI/CD). But sometimes, plugins can introduce security issues. Recently, a critical vulnerability
CVE-2023-40343 - How Jenkins Tuleap Authentication Plugin Leaks Tokens via Timing Attacks
## Introduction
Jenkins is one of the world’s most famous automation servers. It relies heavily on plugins to deliver its powers, and authentication plugins are
CVE-2023-39156 - How A CSRF Vulnerability in Jenkins Bazaar Plugin Let Attackers Delete SCM Tags
In June 2023, a cross-site request forgery (CSRF) vulnerability, tracked as CVE-2023-39156, was discovered in the Jenkins Bazaar Plugin. This bug, present in version 1.
CVE-2023-39154 - Exploiting Improper Permission Checks in Jenkins Qualys Web App Scanning Connector Plugin
Jenkins is a widely-used automation server in the DevOps world, helping developers deploy code and automate tasks. But sometimes, plugins meant to make life easy
CVE-2023-39155 - Jenkins Chef Identity Plugin Exposes Sensitive user.pem Key – Exploit and Analysis
In late 2023, a security vulnerability was reported in the Jenkins Chef Identity Plugin, tracked as CVE-2023-39155. This flaw is critical for Jenkins users who