Vulnerabilities (CVE)

Filtered by vendor Jenkins
Total 1603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3

CVE-2021-21622 | 1 (Jenkins) | 1 (Artifact Repository Parameter) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2021-21628 | 1 (Jenkins) | 1 (Build With Parameters) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2021-21630 | 1 (Jenkins) | 1 (Extra Columns) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2021-21635 | 1 (Jenkins) | 1 (Rest List Parameter) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2021-21648 | 1 (Jenkins) | 1 (Credentials) | 2023-11-03 | 4.3 MEDIUM | 6.1 MEDIUM
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.

CVE-2021-21649 | 1 (Jenkins) | 1 (Dashboard View) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

CVE-2021-21660 | 1 (Jenkins) | 1 (Markdown Formatter) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter.

CVE-2021-21666 | 1 (Jenkins) | 1 (Kiuwan) | 2023-11-03 | 4.3 MEDIUM | 6.1 MEDIUM
Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.

CVE-2021-21667 | 1 (Jenkins) | 1 (Scriptler) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.

CVE-2021-21668 | 1 (Jenkins) | 1 (Scriptler) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.

CVE-2022-25194 | 1 (Jenkins) | 1 (Autonomiq) | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials.

CVE-2022-25192 | 1 (Jenkins) | 1 (Snow Commander) | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2022-25193 | 1 (Jenkins) | 1 (Snow Commander) | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM
Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2022-25191 | 1 (Jenkins) | 1 (Agent Server Parameter) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2022-25185 | 1 (Jenkins) | 1 (Generic Webhook Trigger) | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2022-25184 | 1 (Jenkins) | 1 (Pipeline\) | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM
Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.

CVE-2022-25198 | 1 (Jenkins) | 1 (Scp Publisher) | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

CVE-2022-25197 | 1 (Jenkins) | 1 (Hashicorp Vault) | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.

CVE-2022-25196 | 1 (Jenkins) | 1 (Gitlab Authentication) | 2023-11-03 | 4.9 MEDIUM | 5.4 MEDIUM
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.

CVE-2022-25195 | 1 (Jenkins) | 1 (Autonomiq) | 2023-11-03 | 4.0 MEDIUM | 4.3 MEDIUM
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.