Known Vulnerabilities
CVE-2023-4301
A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
MEDIUM
CVSS 4.2
Published Aug 21, 2023
CVE-2023-4302
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
MEDIUM
CVSS 4.2
Published Aug 21, 2023
CVE-2023-4303
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
MEDIUM
CVSS 4.3
Published Aug 21, 2023