MATLAB Plugin
CVEs (47)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49656 | | | 0.00 | — | 0.00 | | Nov 29, 2023 | Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-49655 | | | 0.00 | — | 0.00 | | Nov 29, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. |
| CVE-2023-49654 | | | 0.00 | — | 0.00 | | Nov 29, 2023 | Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. |
| CVE-2023-41940 | | | 0.00 | — | 0.06 | | Sep 6, 2023 | Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. |
| CVE-2023-41938 | | | 0.00 | — | 0.00 | | Sep 6, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. |
| CVE-2023-37953 | | | 0.00 | — | 0.00 | | Jul 12, 2023 | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| CVE-2023-37952 | | | 0.00 | — | 0.00 | | Jul 12, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| CVE-2023-37951 | | | 0.00 | — | 0.00 | | Jul 12, 2023 | Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. |
| CVE-2023-37950 | | | 0.00 | — | 0.00 | | Jul 12, 2023 | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2023-32997 | | | 0.00 | — | 0.01 | | May 16, 2023 | Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. |
| CVE-2022-46682 | | | 0.00 | — | 0.02 | | Dec 7, 2022 | Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-45400 | | | 0.00 | — | 0.03 | | Nov 15, 2022 | Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-45395 | | | 0.00 | — | 0.05 | | Nov 15, 2022 | Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-43415 | | | 0.00 | — | 0.06 | | Oct 19, 2022 | Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-41241 | | | 0.00 | — | 0.01 | | Sep 21, 2022 | Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-34810 | | | 0.00 | — | 0.00 | | Jun 30, 2022 | A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-34809 | | | 0.00 | — | 0.00 | | Jun 30, 2022 | Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
| CVE-2022-34783 | | | 0.00 | — | 0.32 | | Jun 30, 2022 | Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-30949 | | | 0.00 | — | 0.00 | | May 17, 2022 | Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
| CVE-2022-29037 | | | 0.00 | — | 0.00 | | Apr 12, 2022 | Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
Page 1 of 3