Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Jenkins Project | Jenkins Blue Ocean Plugin | affected |
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| OCP-Tools-4.12-RHEL-8 | |||
| jenkins-2-plugins-0:4.12.1706515741-1.el8 | cpe:/a:redhat:ocp_tools:4.12::el8 | RHSA-2024:0778 | 2024-02-12T00:00:00Z |
| OCP-Tools-4.14-RHEL-8 | |||
| jenkins-2-plugins-0:4.14.1706516441-1.el8 | cpe:/a:redhat:ocp_tools:4.14::el8 | RHSA-2024:0777 | 2024-02-12T00:00:00Z |
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-2288 | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. |
 Github GHSA |
GHSA-g4pq-p927-7pgg | Jenkins Blue Ocean Plugin cross-site request forgery vulnerability |
Tue, 08 Oct 2024 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-10-08T18:32:10.012Z
Reserved: 2023-08-14T16:02:56.435Z
Link: CVE-2023-40341
Vulnrichment
Updated: 2024-08-02T18:31:53.657Z
NVD
Status : Modified
Published: 2023-08-16T15:15:11.683
Modified: 2024-11-21T08:19:15.350
Link: CVE-2023-40341
Redhat
OpenCVE Enrichment
No data.