CVE-2023-43494 - Jenkins Build History Widget Info Leak (Exploit & Analysis)
Jenkins is one of the most popular open source automation servers in the world, widely used for continuous integration and delivery. However, even robust tools
CVE-2023-43498 - How Jenkins File Upload Vulnerability Lets Local Attackers Intercept Your Data
In September 2023, the Jenkins team disclosed an important security vulnerability: CVE-2023-43498. This bug affects Jenkins version 2.423 and earlier, as well as LTS
CVE-2023-41941 - Exploiting Missing Permission Checks in Jenkins AWS CodeCommit Trigger Plugin
Jenkins is a popular automation server, heavily used for CI/CD pipelines. One of its strengths is the extensibility through hundreds of plugins. But every
CVE-2023-41945 - Jenkins Assembla Auth Plugin Authorization Bypass—Deep Dive, Exploit, and Mitigation
On September 2023, a critical security flaw was found in the Jenkins Assembla Auth Plugin (up to version 1.14). This vulnerability, now tracked as
CVE-2023-41943 - How Jenkins AWS CodeCommit Trigger Plugin Allowed Attackers to Clear SQS Queues
Published: June 2024
Severity: Medium (CVSS: 6.5)
Component: Jenkins AWS CodeCommit Trigger Plugin
Affected Versions: 3..12 and earlier
If you're running
Episode
00:00:00
00:00:00