Skip to main content

Build Publisher

3 CVEs product

Monthly

CVE-2022-41232 Maven HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Build Publisher
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-41231 Maven MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Build Publisher
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2022-41230 Maven MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Build Publisher
NVD
CVSS 3.1
4.3
EPSS
0.5%
EPSS 0% CVSS 8.0
HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Build Publisher
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Build Publisher
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Build Publisher
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy