Filtered by vendor Jenkins
Total: 1603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41242 | 1 Jenkins | 1 Extreme-feedback | 2023-11-01 | N/A | 5.4 MEDIUM |
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. | |||||
CVE-2022-41241 | 1 Jenkins | 1 Rqm | 2023-11-01 | N/A | 9.1 CRITICAL |
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-41240 | 1 Jenkins | 1 Walti | 2023-11-01 | N/A | 5.4 MEDIUM |
Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti. | |||||
CVE-2022-41224 | 1 Jenkins | 1 Jenkins | 2023-11-01 | N/A | 5.4 MEDIUM |
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | |||||
CVE-2022-41225 | 1 Jenkins | 1 Anchore Container Image Scanner | 2023-11-01 | N/A | 5.4 MEDIUM |
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. | |||||
CVE-2022-45389 | 1 Jenkins | 1 Xp-dev | 2023-11-01 | N/A | 5.3 MEDIUM |
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. | |||||
CVE-2022-45388 | 1 Jenkins | 1 Config Rotator | 2023-11-01 | N/A | 7.5 HIGH |
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | |||||
CVE-2022-45387 | 1 Jenkins | 1 Bart | 2023-11-01 | N/A | 5.4 MEDIUM |
Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
CVE-2022-45395 | 1 Jenkins | 1 Cccc | 2023-11-01 | N/A | 9.8 CRITICAL |
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45394 | 1 Jenkins | 1 Delete Log | 2023-11-01 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. | |||||
CVE-2022-45393 | 1 Jenkins | 1 Delete Log | 2023-11-01 | N/A | 3.5 LOW |
A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | |||||
CVE-2022-45392 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2023-11-01 | N/A | 6.5 MEDIUM |
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2022-45391 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2023-11-01 | N/A | 7.5 HIGH |
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | |||||
CVE-2022-45390 | 1 Jenkins | 1 Loader.io | 2023-11-01 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2022-45401 | 1 Jenkins | 1 Associated Files | 2023-11-01 | N/A | 5.4 MEDIUM |
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-45400 | 1 Jenkins | 1 Japex | 2023-11-01 | N/A | 9.8 CRITICAL |
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45399 | 1 Jenkins | 1 Cluster Statistics | 2023-11-01 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | |||||
CVE-2022-45398 | 1 Jenkins | 1 Cluster Statistics | 2023-11-01 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | |||||
CVE-2022-45397 | 1 Jenkins | 1 Osf Builder Suite \ | 2023-11-01 | N/A | 9.8 CRITICAL |
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45396 | 1 Jenkins | 1 Sourcemonitor | 2023-11-01 | N/A | 9.8 CRITICAL |
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |