Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34787 | 1 Jenkins | 1 Project Inheritance | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | |||||
| CVE-2021-21665 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2023-12-21 | 6.0 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | |||||
| CVE-2022-29048 | 2 Apple, Jenkins | 2 Macos, Subversion | 2023-12-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2020-2241 | 1 Jenkins | 1 Database | 2023-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | |||||
| CVE-2022-28136 | 1 Jenkins | 1 Jiratestresultreporter | 2023-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2022-27210 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2023-12-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2020-2281 | 1 Jenkins | 1 Lockable Resources | 2023-12-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. | |||||
| CVE-2023-50775 | 1 Jenkins | 1 Deployment Dashboard | 2023-12-18 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. | |||||
| CVE-2023-50776 | 1 Jenkins | 1 Paaslane Estimate | 2023-12-18 | N/A | 4.3 MEDIUM |
| Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2023-50777 | 1 Jenkins | 1 Paaslane Estimate | 2023-12-18 | N/A | 4.3 MEDIUM |
| Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2023-50778 | 1 Jenkins | 1 Paaslane Estimate | 2023-12-18 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token. | |||||
| CVE-2023-50779 | 1 Jenkins | 1 Paaslane Estimate | 2023-12-18 | N/A | 4.3 MEDIUM |
| Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. | |||||
| CVE-2023-50764 | 1 Jenkins | 1 Scriptler | 2023-12-18 | N/A | 8.1 HIGH |
| Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system. | |||||
| CVE-2023-50765 | 1 Jenkins | 1 Scriptler | 2023-12-18 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. | |||||
| CVE-2023-50766 | 1 Jenkins | 1 Nexus Platform | 2023-12-18 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | |||||
| CVE-2023-50767 | 1 Jenkins | 1 Nexus Platform | 2023-12-18 | N/A | 5.4 MEDIUM |
| Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | |||||
| CVE-2023-50768 | 1 Jenkins | 1 Nexus Platform | 2023-12-18 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-50769 | 1 Jenkins | 1 Nexus Platform | 2023-12-18 | N/A | 4.3 MEDIUM |
| Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-50770 | 1 Jenkins | 1 Openid | 2023-12-18 | N/A | 6.7 MEDIUM |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. | |||||
| CVE-2023-50771 | 1 Jenkins | 1 Openid | 2023-12-18 | N/A | 6.1 MEDIUM |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||