Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8
CVE-2023-28676
- EPSS 0.49%
- Published 02.04.2023 21:15:09
- Last modified 25.02.2025 20:15:33
A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE).
9.8
CVE-2023-28677
- EPSS 0.55%
- Published 02.04.2023 21:15:09
- Last modified 25.02.2025 20:15:33
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure...
1