Skip to main content

Gitlab Authentication

3 CVEs product

Monthly

CVE-2023-39153 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Gitlab CSRF Gitlab Authentication
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-27206 Maven MEDIUM PATCH This Month

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jenkins Information Disclosure Gitlab Authentication
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-2228 Maven HIGH PATCH This Week

Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Gitlab Privilege Escalation Authentication Bypass Gitlab Authentication
NVD
CVSS 3.1
8.8
EPSS
1.4%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Gitlab CSRF +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Gitlab Privilege Escalation +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy