Skip to main content

Job Import

4 CVEs product

Monthly

CVE-2022-43413 Maven MEDIUM PATCH This Month

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Job Import
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-1003017 Maven MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2019-1003016 Maven HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-1003015 Maven CRITICAL PATCH Act Now

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Denial Of Service Jenkins Job Import
NVD
CVSS 3.0
9.1
EPSS
1.8%
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Job Import
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins CSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF +1
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Denial Of Service +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy