Jenkins Nexus Platform
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Nexus Platform . Last year Nexus Platform had 4 security vulnerabilities published. Right now, Nexus Platform is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 4 | 6.83 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Nexus Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Nexus Platform Security Vulnerabilities
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier
CVE-2023-50769
4.3 - Medium
- December 13, 2023
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier
CVE-2023-50768
8.8 - High
- December 13, 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Session Riding
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier
CVE-2023-50767
5.4 - Medium
- December 13, 2023
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier
CVE-2023-50766
8.8 - High
- December 13, 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Nexus Platform or by Jenkins? Click the Watch button to subscribe.