Skip to main content
CVE-2023-22468 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0452 MEDIUM This Month

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-22725 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-22724 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-24455 MEDIUM This Month

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Visual Expert
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2023-24451 MEDIUM This Month

A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Cisco Authentication Bypass Cisco Spark
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-24449 MEDIUM This Month

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Pwauth Security Realm
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2023-24436 MEDIUM This Month

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Github Pull Request Builder
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-24431 MEDIUM PATCH This Month

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Orka By Macstadium
NVD
CVSS 3.1
4.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy