CVE-2024-4388
- EPSS 0.43%
- Veröffentlicht 23.05.2024 06:15:11
- Zuletzt bearbeitet 21.11.2024 09:42:44
This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server
CVE-2024-4399
- EPSS 24.47%
- Veröffentlicht 23.05.2024 06:15:11
- Zuletzt bearbeitet 30.06.2025 18:44:29
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack
CVE-2023-32997
- EPSS 0.19%
- Veröffentlicht 16.05.2023 17:15:12
- Zuletzt bearbeitet 23.01.2025 16:15:30
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
CVE-2021-21673
- EPSS 0.08%
- Veröffentlicht 30.06.2021 17:15:09
- Zuletzt bearbeitet 21.11.2024 05:48:48
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
CVE-2018-1000188
- EPSS 0.03%
- Veröffentlicht 05.06.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:53
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.