Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-40351
Publication date:
16/08/2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2023

CVE-2023-39975
Publication date:
16/08/2023
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2024

CVE-2023-40344
Publication date:
16/08/2023
A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2023

CVE-2023-40345
Publication date:
16/08/2023
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2023

CVE-2023-40343
Publication date:
16/08/2023
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2023

CVE-2023-40341
Publication date:
16/08/2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2023

CVE-2023-40342
Publication date:
16/08/2023
Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2023

CVE-2023-40339
Publication date:
16/08/2023
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2023

CVE-2023-40340
Publication date:
16/08/2023
Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2023

CVE-2023-39115
Publication date:
16/08/2023
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2023

CVE-2023-40336
Publication date:
16/08/2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2023

CVE-2023-40337
Publication date:
16/08/2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2023
Subscribe to Vulnerabilities