Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

312 advisories

Loading
Jenkins mabl Plugin missing permission check Moderate
CVE-2023-37950 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
Jenkins Orka by MacStadium Plugin missing permission check Moderate
CVE-2023-37949 was published for io.jenkins.plugins:macstadium-orka (Maven) Jul 12, 2023
Jenkins mabl Plugin missing permission check Moderate
CVE-2023-37953 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation Moderate
CVE-2023-3315 was published for org.jenkins-ci.plugins:teamconcert (Maven) Jun 19, 2023
Jenkins Digital.ai App Management Publisher Plugin missing permission checks Moderate
CVE-2023-35149 was published for org.jenkins-ci.plugins:ease-plugin (Maven) Jun 14, 2023
Missing authorization in Liferay portal High
CVE-2023-33948 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Command injection in nevado-jms High
CVE-2023-31826 was published for org.skyscreamer:nevado-jms (Maven) May 23, 2023
Jenkins Thycotic Secret Server Plugin missing permissions check Moderate
CVE-2023-30518 was published for io.jenkins.plugins:thycotic-secret-server (Maven) Apr 12, 2023
Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication Moderate
CVE-2023-30519 was published for org.jenkins-ci.plugins:quayio-trigger (Maven) Apr 12, 2023
Jenkins Report Portal Plugin missing permissions check Moderate
CVE-2023-30526 was published for org.jenkins-ci.plugins:reportportal (Maven) Apr 12, 2023
Jenkins Fogbugz Plugin has missing permissions check Moderate
CVE-2023-30522 was published for org.jenkins-ci.plugins:fogbugz (Maven) Apr 12, 2023
Jenkins Assembla merge request builder Plugin missing authentication to access endpoint Moderate
CVE-2023-30521 was published for org.jenkins-ci.plugins:assembla-merge-request-builder (Maven) Apr 12, 2023
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook Moderate
CVE-2023-30532 was published for org.jenkinsci.plugins.spoonscript:spoonscript (Maven) Apr 12, 2023
Apache James server's JMX management service vulnerable to privilege escalation by local user High
CVE-2023-26269 was published for org.apache.james:javax-mail-extension (Maven) Apr 3, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture Moderate
CVE-2023-28672 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections Moderate
CVE-2023-28675 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration Moderate
CVE-2023-28673 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25766 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25768 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing permission check in Jenkins RabbitMQ Consumer Plugin Moderate
CVE-2023-24448 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
Missing permission check in Jenkins TestQuality Updater Plugin Moderate
CVE-2023-24453 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin Moderate
CVE-2023-24435 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
Missing permissions check in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24438 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs Moderate
CVE-2023-24436 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API