Skip to main content
CVE-2022-34181 CRITICAL PATCH Act Now

Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xunit
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-32987 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Bakery Shop Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-34203 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Easyqa
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-34200 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Convertigo Mobile Platform
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-32553 HIGH This Week

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Purity Fa Purity Fb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32552 HIGH This Week

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Python Purity Fa Purity Fb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32536 HIGH This Week

The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pra Es8P2S Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-22967 HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-34013 MEDIUM POC This Month

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Oneblog
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34011 MEDIUM POC This Month

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Oneblog
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-2147 HIGH This Week

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Microsoft Warp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26864 HIGH This Week

Prior Dell BIOS versions contain an Input Validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Alienware M15 R5 Firmware G15 5515 Firmware G5 Se 5505 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26863 HIGH This Week

Prior Dell BIOS versions contain an Input Validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Alienware M15 R5 Firmware G15 5515 Firmware G5 Se 5505 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26862 HIGH This Week

Prior Dell BIOS versions contain an Input Validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Alienware M15 R5 Firmware G15 5515 Firmware G5 Se 5505 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34180 HIGH PATCH This Week

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Embeddable Build Status
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-34179 HIGH PATCH This Week

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal Embeddable Build Status
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-34177 HIGH PATCH This Week

Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal Pipeline
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-34175 HIGH PATCH This Week

Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-34174 HIGH PATCH This Week

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-34213 MEDIUM This Month

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Squash Tm Publisher
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34211 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Vrealize Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34210 MEDIUM This Month

A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Threadfix
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34209 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Threadfix
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34207 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Beaker Builder
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34205 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Jianliao Notification
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34202 MEDIUM This Month

Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Easyqa
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34201 MEDIUM This Month

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Convertigo Mobile Platform
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34199 MEDIUM This Month

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Convertigo Mobile Platform
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31009 MEDIUM PATCH This Month

wire-ios is an iOS client for the Wire secure messaging application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apple Wire
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34182 MEDIUM PATCH This Month

Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Nested View
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-34178 MEDIUM PATCH This Month

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Embeddable Build Status
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-34212 MEDIUM This Month

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Vrealize Orchestrator
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-34198 MEDIUM This Month

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Stash Branch Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-34197 MEDIUM PATCH This Month

Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Sauce Ondemand
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34196 MEDIUM PATCH This Month

Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Rest List Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34195 MEDIUM This Month

Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Repository Connector
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34194 MEDIUM This Month

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Readonly Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34193 MEDIUM This Month

Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Package Version
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34192 MEDIUM This Month

Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ontrack
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34191 MEDIUM PATCH This Month

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34190 MEDIUM This Month

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Maven Metadata
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34189 MEDIUM This Month

Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Image Tag Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34188 MEDIUM PATCH This Month

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Hidden Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34187 MEDIUM This Month

Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Filesystem List Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-34186 MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dynamic Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34185 MEDIUM This Month

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Date Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34184 MEDIUM This Month

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Crx Content Package Deployer
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34183 MEDIUM This Month

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Agent Server Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34176 MEDIUM PATCH This Month

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Junit
NVD
CVSS 3.1
5.4
EPSS
77.0%
CVE-2022-34173 MEDIUM PATCH This Month

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy