Total
976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41244 | 1 Jenkins | 1 View26 Test-reporting | 2023-11-01 | N/A | 8.1 HIGH |
| Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | |||||
| CVE-2022-41243 | 1 Jenkins | 1 Smalltest | 2023-11-01 | N/A | 8.1 HIGH |
| Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | |||||
| CVE-2022-45391 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2023-11-01 | N/A | 7.5 HIGH |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | |||||
| CVE-2023-31580 | 1 Networknt | 1 Light-oauth2 | 2023-10-31 | N/A | 5.9 MEDIUM |
| light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token. | |||||
| CVE-2020-2253 | 1 Jenkins | 1 Email Extension | 2023-10-25 | 5.8 MEDIUM | 4.8 MEDIUM |
| Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. | |||||
| CVE-2020-2252 | 1 Jenkins | 1 Mailer | 2023-10-25 | 5.8 MEDIUM | 4.8 MEDIUM |
| Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | |||||
| CVE-2020-2187 | 1 Jenkins | 1 Amazon Ec2 | 2023-10-25 | 6.8 MEDIUM | 5.6 MEDIUM |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | |||||
| CVE-2019-16561 | 1 Jenkins | 1 Websphere Deployer | 2023-10-25 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. | |||||
| CVE-2019-16558 | 1 Jenkins | 1 Spira Importer | 2023-10-25 | 6.4 MEDIUM | 8.2 HIGH |
| Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | |||||
| CVE-2019-10446 | 1 Jenkins | 1 Cadence Vmanager | 2023-10-25 | 6.4 MEDIUM | 8.2 HIGH |
| Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-10444 | 1 Jenkins | 1 Bumblebee Hp Alm | 2023-10-25 | 6.4 MEDIUM | 6.5 MEDIUM |
| Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. | |||||
| CVE-2019-10382 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2023-10-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-10381 | 1 Jenkins | 1 Codefresh Integration | 2023-10-25 | 4.3 MEDIUM | 7.5 HIGH |
| Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-10334 | 1 Jenkins | 1 Electricflow | 2023-10-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. | |||||
| CVE-2019-10317 | 1 Jenkins | 1 Sitemonitor | 2023-10-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-10314 | 1 Jenkins | 1 Koji | 2023-10-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-1003009 | 1 Jenkins | 1 Active Directory | 2023-10-25 | 5.8 MEDIUM | 7.4 HIGH |
| An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS. | |||||
| CVE-2022-3761 | 1 Openvpn | 1 Connect | 2023-10-24 | N/A | 5.9 MEDIUM |
| OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials | |||||
| CVE-2023-5422 | 1 Otrs | 1 Otrs | 2023-10-20 | N/A | 9.1 CRITICAL |
| The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies all necessary security requirements. This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | |||||
| CVE-2023-4499 | 1 Hp | 20 Elite Mt645, Mt21, Mt22 and 17 more | 2023-10-19 | N/A | 7.5 HIGH |
| A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. | |||||