Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

jenkins gitlab authentication vulnerabilities and exploits

(subscribe to this query)
8.8
CVSSv3

CVE-2020-2228

Jenkins Gitlab Authentication Plugin 1.5 and previous versions does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
Jenkins Gitlab Authentication
7.5
CVSSv3

CVE-2019-10371

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and previous versions in GitLabSecurityRealm.java allows unauthorized malicious users to impersonate another user if they can control the pre-authentication session.
Jenkins Gitlab Oauth
6.5
CVSSv3

CVE-2022-27206

Jenkins GitLab Authentication Plugin 1.13 and previous versions stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Gitlab Authentication
6.1
CVSSv3

CVE-2019-10372

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and previous versions in GitLabSecurityRealm.java allows malicious users to redirect users to a URL outside Jenkins after successful login.
Jenkins Gitlab Oauth
5.4
CVSSv3

CVE-2023-39153

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Gitlab Authentication
5.4
CVSSv3

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and previous versions records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified U...
Jenkins Gitlab Authentication
NA

CVE_2022_40684

Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044client sideCVE-2021-47601deserializationCVE-2024-34994encryptionCVE-2021-47609CVE-2024-37079CVE-2024-38608
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook