Filtered by vendor Jenkins
Total: 1638 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-41228 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-11-21 | 8.8 High |
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. | ||||
CVE-2022-41227 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-11-21 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. | ||||
CVE-2022-41226 | 1 Jenkins | 1 Compuware Common Configuration | 2024-11-21 | 9.8 Critical |
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2022-41225 | 1 Jenkins | 1 Anchore Container Image Scanner | 2024-11-21 | 5.4 Medium |
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. | ||||
CVE-2022-41224 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | ||||
CVE-2022-38665 | 1 Jenkins | 1 Collabnet | 2024-11-21 | 6.5 Medium |
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2022-38664 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | 5.4 Medium |
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | ||||
CVE-2022-38663 | 1 Jenkins | 1 Git | 2024-11-21 | 6.5 Medium |
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | ||||
CVE-2022-36922 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | 6.1 Medium |
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
CVE-2022-36921 | 1 Jenkins | 1 Coverity | 2024-11-21 | 8.1 High |
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2022-36920 | 1 Jenkins | 1 Coverity | 2024-11-21 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2022-36919 | 1 Jenkins | 1 Coverity | 2024-11-21 | 4.3 Medium |
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
CVE-2022-36918 | 1 Jenkins | 1 Buckminster | 2024-11-21 | 4.3 Medium |
Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
CVE-2022-36917 | 1 Jenkins | 1 Google Cloud Backup | 2024-11-21 | 4.3 Medium |
A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. | ||||
CVE-2022-36916 | 1 Jenkins | 1 Google Cloud Backup | 2024-11-21 | 8.0 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | ||||
CVE-2022-36915 | 1 Jenkins | 1 Android Signing | 2024-11-21 | 4.3 Medium |
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | ||||
CVE-2022-36914 | 1 Jenkins | 1 Files Found Trigger | 2024-11-21 | 4.3 Medium |
Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
CVE-2022-36913 | 1 Jenkins | 1 Openstack Heat | 2024-11-21 | 4.3 Medium |
Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
CVE-2022-36911 | 1 Jenkins | 1 Openstack Heat | 2024-11-21 | 6.5 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. | ||||
CVE-2022-36910 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | 5.4 Medium |
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. |