Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34209 | 1 Jenkins | 1 Threadfix | 2023-11-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2022-34210 | 1 Jenkins | 1 Threadfix | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2022-34211 | 1 Jenkins | 1 Vrealize Orchestrator | 2023-11-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. | |||||
| CVE-2022-34212 | 1 Jenkins | 1 Vrealize Orchestrator | 2023-11-03 | 3.5 LOW | 5.7 MEDIUM |
| A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. | |||||
| CVE-2022-34213 | 1 Jenkins | 1 Squash Tm Publisher | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-34779 | 1 Jenkins | 1 Xebialabs Xl Release | 2023-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-34780 | 1 Jenkins | 1 Xebialabs Xl Release | 2023-11-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-34202 | 1 Jenkins | 1 Easyqa | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-34201 | 1 Jenkins | 1 Convertigo Mobile Platform | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2022-34203 | 1 Jenkins | 1 Easyqa | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. | |||||
| CVE-2022-34204 | 1 Jenkins | 1 Easyqa | 2023-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | |||||
| CVE-2022-30953 | 1 Jenkins | 1 Blue Ocean | 2023-11-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. | |||||
| CVE-2022-30954 | 1 Jenkins | 1 Blue Ocean | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | |||||
| CVE-2022-30955 | 1 Jenkins | 1 Gitlab | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-34175 | 1 Jenkins | 1 Jenkins | 2023-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. | |||||
| CVE-2022-34177 | 1 Jenkins | 1 Pipeline\ | 2023-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | |||||
| CVE-2022-34179 | 1 Jenkins | 1 Embeddable Build Status | 2023-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | |||||
| CVE-2022-34180 | 1 Jenkins | 1 Embeddable Build Status | 2023-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | |||||
| CVE-2022-34181 | 1 Jenkins | 1 Xunit | 2023-11-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory. | |||||
| CVE-2022-34199 | 1 Jenkins | 1 Convertigo Mobile Platform | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||