Skip to main content

Lucene Search

3 CVEs product

Monthly

CVE-2023-30529 Maven MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Lucene Search
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-36922 Maven MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Lucene Search
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-36910 Maven MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Lucene Search
NVD
CVSS 3.1
5.4
EPSS
0.4%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Lucene Search
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Lucene Search
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Lucene Search
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy