Skip to main content

Jenkins

1691 CVEs vendor

Monthly

CVE-2022-41244 Maven HIGH This Week

Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins View26 Test Reporting
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-41243 Maven HIGH This Week

Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Smalltest
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-41242 Maven MEDIUM This Month

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Extreme Feedback
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41241 Maven CRITICAL Act Now

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Rqm
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-41240 Maven MEDIUM This Month

Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Walti
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41239 Maven MEDIUM This Month

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dotci
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41238 Maven CRITICAL Act Now

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Dotci
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41237 Maven CRITICAL Act Now

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Dotci
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-41236 Maven HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Security Inspector
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41235 Maven MEDIUM This Month

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Wildfly Deployer
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-41234 Maven HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41233 Maven MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41232 Maven HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Build Publisher
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-41231 Maven MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Build Publisher
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2022-41230 Maven MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Build Publisher
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41229 Maven MEDIUM PATCH This Month

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41228 Maven HIGH PATCH This Week

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41227 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-41226 Maven CRITICAL PATCH Act Now

Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Compuware Common Configuration
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41225 Maven MEDIUM PATCH This Month

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchore Container Image Scanner
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41224 Maven MEDIUM PATCH This Month

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-38665 Maven MEDIUM PATCH This Month

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Collabnet
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-38664 Maven MEDIUM PATCH This Month

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Job Configuration History
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-38663 Maven MEDIUM PATCH This Month

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Git
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-36922 Maven MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Lucene Search
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-36921 Maven HIGH This Week

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Coverity
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-36920 Maven HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Coverity
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-36919 Maven MEDIUM This Month

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Coverity
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36918 Maven MEDIUM This Month

Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Buckminster
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36917 Maven MEDIUM This Month

A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Jenkins Google Cloud Backup
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36916 Maven HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google CSRF Jenkins Google Cloud Backup
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2022-36915 Maven MEDIUM This Month

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Jenkins Android Signing
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36914 Maven MEDIUM This Month

Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Files Found Trigger
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36913 Maven MEDIUM This Month

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openstack Heat
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36912 Maven MEDIUM This Month

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openstack Heat
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36911 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Openstack Heat
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-36910 Maven MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Lucene Search
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36909 Maven MEDIUM This Month

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openshift Deployer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36908 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Openshift Deployer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-36907 Maven MEDIUM This Month

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openshift Deployer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36906 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Openshift Deployer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-36905 Maven MEDIUM This Month

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Maven Metadata
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-36904 Maven MEDIUM This Month

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Repository Connector
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36903 Maven MEDIUM This Month

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Repository Connector
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36902 Maven MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dynamic Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-36901 Maven MEDIUM PATCH This Month

Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Http Request
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36900 Maven HIGH PATCH This Week

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Zadviser Api
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2022-36899 Maven HIGH PATCH This Week

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Ispw Operations
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2022-36898 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Ispw Operations
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36897 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Xpediter Code Coverage
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36896 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Source Code Download For Endevor Pds And Ispw
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36895 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Topaz Utilities
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36894 Maven MEDIUM PATCH This Month

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Clif Performance Testing
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36893 Maven MEDIUM PATCH This Month

Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rpmsign Plugin
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36892 Maven MEDIUM PATCH This Month

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rhnpush Plugin
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36891 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Deployer Framework
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36890 Maven MEDIUM PATCH This Month

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Deployer Framework
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-36889 Maven HIGH PATCH This Week

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Deployer Framework
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-36888 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Jenkins Hashicorp Vault
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36887 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Job Configuration History
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-36886 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins External Monitor Job Type
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-36885 Maven MEDIUM PATCH This Month

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Github
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-36884 Maven MEDIUM PATCH This Month

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Git
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-36883 Maven HIGH POC PATCH This Week

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Git
NVD
CVSS 3.1
7.5
EPSS
5.6%
CVE-2022-36882 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Git
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36881 Maven HIGH PATCH This Week

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Git Client
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-2048 Maven HIGH PATCH This Week

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Debian Linux Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +4
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-34818 Maven MEDIUM This Month

Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Failed Job Deactivator
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-34817 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Failed Job Deactivator
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34816 Maven MEDIUM This Month

Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hpe Network Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34815 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Request Rename Or Delete
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34814 Maven MEDIUM This Month

Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Request Rename Or Delete
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-34813 Maven MEDIUM This Month

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Xpath Configuration Viewer
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-34812 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Xpath Configuration Viewer
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34811 Maven MEDIUM This Month

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Xpath Configuration Viewer
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-34810 Maven MEDIUM This Month

A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rqm
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34809 Maven MEDIUM This Month

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Rqm
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34808 Maven MEDIUM This Month

Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Jenkins Information Disclosure Cisco Spark
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-34807 Maven MEDIUM This Month

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elastic Jenkins Elasticsearch Query
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34806 Maven MEDIUM This Month

Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Jigomerge
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34805 Maven MEDIUM This Month

Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Skype Notifier
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34804 Maven MEDIUM This Month

Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Opsgenie
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-34803 Maven MEDIUM This Month

Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Opsgenie
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-34802 Maven MEDIUM This Month

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Rocketchat Notifier
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-34801 Maven MEDIUM This Month

Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Build Notifications
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34800 Maven MEDIUM This Month

Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Build Notifications
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-34799 Maven MEDIUM This Month

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Deployment Dashboard
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-34798 Maven MEDIUM This Month

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Deployment Dashboard
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34797 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Deployment Dashboard
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-34796 Maven MEDIUM This Month

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Deployment Dashboard
NVD
CVSS 3.1
4.3
EPSS
0.7%
EPSS 1% CVSS 8.1
HIGH This Week

Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins View26 Test Reporting
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Smalltest
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Extreme Feedback
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Rqm
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Walti
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dotci
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Dotci
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Security Inspector
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Wildfly Deployer
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
EPSS 0% CVSS 8.0
HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Build Publisher
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Build Publisher
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Build Publisher
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ns Nd Integration Performance Publisher
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ns Nd Integration Performance Publisher
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Ns Nd Integration Performance Publisher
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Compuware Common Configuration
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchore Container Image Scanner
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Collabnet
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Job Configuration History
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Git
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Lucene Search
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Coverity
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Coverity
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Coverity
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Buckminster
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Jenkins +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google CSRF Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Files Found Trigger
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openstack Heat
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openstack Heat
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Openstack Heat
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Lucene Search
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openshift Deployer
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Openshift Deployer
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openshift Deployer
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Openshift Deployer
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Maven Metadata
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Repository Connector
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Repository Connector
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dynamic Extended Choice Parameter
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Http Request
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins +1
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Ispw Operations
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Xpediter Code Coverage
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Source Code Download For Endevor Pds And Ispw
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Topaz Utilities
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Clif Performance Testing
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rpmsign Plugin
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rhnpush Plugin
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Deployer Framework
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Deployer Framework
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Deployer Framework
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Jenkins +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Job Configuration History
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins External Monitor Job Type
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Github
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Git
NVD
EPSS 6% CVSS 7.5
HIGH POC PATCH This Week

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Git
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Git
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Git Client
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Debian Linux +6
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Failed Job Deactivator
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Failed Job Deactivator
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hpe Network Virtualization
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Request Rename Or Delete
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Request Rename Or Delete
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Xpath Configuration Viewer
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Xpath Configuration Viewer
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Xpath Configuration Viewer
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rqm
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Rqm
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elastic Jenkins +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Jigomerge
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Skype Notifier
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Opsgenie
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Opsgenie
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Rocketchat Notifier
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Build Notifications
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Build Notifications
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Deployment Dashboard
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Deployment Dashboard
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Deployment Dashboard
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Deployment Dashboard
NVD
Prev Page 7 of 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy