Filtered by vendor Jenkins
Subscribe
Total
1647 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28138 | 1 Jenkins | 1 Rocketchat Notifier | 2023-11-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential. | |||||
| CVE-2022-28139 | 1 Jenkins | 1 Rocketchat Notifier | 2023-11-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2022-28148 | 2 Jenkins, Microsoft | 2 Continuous Integration With Toad Edge, Windows | 2023-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | |||||
| CVE-2022-29041 | 1 Jenkins | 1 Jira | 2023-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-29042 | 1 Jenkins | 1 Job Generator | 2023-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-29043 | 1 Jenkins | 1 Mask Passwords | 2023-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-28147 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2023-11-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-28144 | 1 Jenkins | 1 Proxmox | 2023-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | |||||
| CVE-2022-28146 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2023-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | |||||
| CVE-2022-29040 | 1 Jenkins | 1 Git Parameter | 2023-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-28145 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2023-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. | |||||
| CVE-2022-29037 | 1 Jenkins | 1 Cvs | 2023-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-29039 | 1 Jenkins | 1 Gerrit Trigger | 2023-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-29036 | 1 Jenkins | 1 Credentials | 2023-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-29038 | 1 Jenkins | 1 Extended Choice Parameter | 2023-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-23105 | 1 Jenkins | 1 Active Directory | 2023-11-15 | 2.9 LOW | 6.5 MEDIUM |
| Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. | |||||
| CVE-2022-23108 | 1 Jenkins | 1 Badge | 2023-11-15 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-23107 | 1 Jenkins | 1 Warnings Next Generation | 2023-11-15 | 5.5 MEDIUM | 8.1 HIGH |
| Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | |||||
| CVE-2022-27206 | 1 Jenkins | 1 Gitlab Authentication | 2023-11-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-23106 | 1 Jenkins | 1 Configuration As Code | 2023-11-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | |||||