Jenkins Elasticbox Ci
By the Year
In 2023 there have been 2 vulnerabilities in Jenkins Elasticbox Ci with an average score of 8.0 out of ten. Elasticbox Ci did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2023 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 2 | 7.95 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 3.30 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Elasticbox Ci vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Elasticbox Ci Security Vulnerabilities
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier
CVE-2023-37964
8.8 - High
- July 12, 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Session Riding
A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier
CVE-2023-37965
7.1 - High
- July 12, 2023
A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
AuthZ
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they
CVE-2019-10450
3.3 - Low
- October 16, 2019
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Cleartext Storage of Sensitive Information
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Elasticbox Ci or by Jenkins? Click the Watch button to subscribe.
