Skip to main content

Global Build Stats

2 CVEs product

Monthly

CVE-2025-58459 Maven MEDIUM PATCH Monitor

Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Global Build Stats
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2022-27207 Maven MEDIUM This Month

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Global Build Stats
NVD
CVSS 3.1
4.8
EPSS
0.8%
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Global Build Stats
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Global Build Stats
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy