CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

jenkins

synopsys_coverity

3 known vulnerabilities · sorted by CVSS score

CVE-2023-23848

MEDIUM4.3

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

jenkins / synopsys_coverity

Network

Published Feb 15, 2023

CVE-2023-23850

MEDIUM4.3

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

jenkins / synopsys_coverity

Network

Published Feb 15, 2023

CVE-2023-23847

LOW3.5

A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

jenkins / synopsys_coverity

Network

Published Feb 15, 2023