Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25174 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | |||||
| CVE-2022-25175 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | |||||
| CVE-2022-25176 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2022-25177 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2022-23116 | 1 Jenkins | 1 Conjur Secrets | 2023-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. | |||||
| CVE-2022-25178 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2022-25179 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2022-25180 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. | |||||
| CVE-2022-25181 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. | |||||
| CVE-2022-25182 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. | |||||
| CVE-2022-23112 | 1 Jenkins | 1 Publish Over Ssh | 2023-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2022-27203 | 1 Jenkins | 1 Extended Choice Parameter | 2023-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | |||||
| CVE-2022-20618 | 1 Jenkins | 1 Bitbucket Branch Source | 2023-11-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-20619 | 1 Jenkins | 1 Bitbucket Branch Source | 2023-11-30 | 5.8 MEDIUM | 7.1 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-27204 | 1 Jenkins | 1 Extended Choice Parameter | 2023-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2022-20620 | 1 Jenkins | 1 Ssh Agent | 2023-11-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-27205 | 1 Jenkins | 1 Extended Choice Parameter | 2023-11-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2022-20621 | 1 Jenkins | 1 Metrics | 2023-11-30 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-23111 | 1 Jenkins | 1 Publish Over Ssh | 2023-11-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2022-25187 | 1 Jenkins | 1 Support Core | 2023-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. | |||||