Vulmon
jenkins gitlab authentication vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-2228
Jenkins Gitlab Authentication Plugin 1.5 and previous versions does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
Jenkins Gitlab Authentication
7.5
CVSSv3
CVE-2019-10371
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and previous versions in GitLabSecurityRealm.java allows unauthorized malicious users to impersonate another user if they can control the pre-authentication session.
Jenkins Gitlab Oauth
6.5
CVSSv3
CVE-2022-27206
Jenkins GitLab Authentication Plugin 1.13 and previous versions stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Gitlab Authentication
6.1
CVSSv3
CVE-2019-10372
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and previous versions in GitLabSecurityRealm.java allows malicious users to redirect users to a URL outside Jenkins after successful login.
Jenkins Gitlab Oauth
5.4
CVSSv3
CVE-2023-39153
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Gitlab Authentication
5.4
CVSSv3
CVE-2022-25196
Jenkins GitLab Authentication Plugin 1.13 and previous versions records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified U...
Jenkins Gitlab Authentication
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed another room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 GitHub repository