Filtered by vendor Jenkins
Subscribe
Total
1647 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25201 | 1 Jenkins | 1 Checkmarx | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-25200 | 1 Jenkins | 1 Checkmarx | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-25199 | 1 Jenkins | 1 Scp Publisher | 2023-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2022-25210 | 1 Jenkins | 1 Convertigo Mobile Platform | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. | |||||
| CVE-2022-25209 | 1 Jenkins | 1 Chef Sinatra | 2023-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-25208 | 1 Jenkins | 1 Chef Sinatra | 2023-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | |||||
| CVE-2022-25205 | 1 Jenkins | 1 Dbcharts | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. | |||||
| CVE-2022-25207 | 1 Jenkins | 1 Chef Sinatra | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | |||||
| CVE-2022-25206 | 1 Jenkins | 1 Dbcharts | 2023-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. | |||||
| CVE-2021-21613 | 1 Jenkins | 1 Tics | 2023-11-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content. | |||||
| CVE-2022-34194 | 1 Jenkins | 1 Readonly Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34192 | 1 Jenkins | 1 Ontrack | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34191 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34189 | 1 Jenkins | 1 Image Tag Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34193 | 1 Jenkins | 1 Package Version | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34188 | 1 Jenkins | 1 Hidden Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34190 | 1 Jenkins | 1 Maven Metadata | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34185 | 1 Jenkins | 1 Date Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34186 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30964 | 1 Jenkins | 1 Multiselect Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||