Filtered by vendor Jenkins
Total: 1612 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2022-41244 | 1 Jenkins | 1 View26 Test-reporting | 2024-11-21 | 8.1 High | Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. |
CVE-2022-41243 | 1 Jenkins | 1 Smalltest | 2024-11-21 | 8.1 High | Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. |
CVE-2022-41242 | 1 Jenkins | 1 Extreme-feedback | 2024-11-21 | 5.4 Medium | A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. |
CVE-2022-41241 | 1 Jenkins | 1 Rqm | 2024-11-21 | 9.1 Critical | Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
CVE-2022-41240 | 1 Jenkins | 1 Walti | 2024-11-21 | 5.4 Medium | Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti. |
CVE-2022-41239 | 1 Jenkins | 1 Dotci | 2024-11-21 | 5.4 Medium | Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. |
CVE-2022-41238 | 1 Jenkins | 1 Dotci | 2024-11-21 | 9.8 Critical | A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. |
CVE-2022-41237 | 1 Jenkins | 1 Dotci | 2024-11-21 | 9.8 Critical | Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
CVE-2022-41236 | 1 Jenkins | 1 Security Inspector | 2024-11-21 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options. |
CVE-2022-41235 | 1 Jenkins | 1 Wildfly Deployer | 2024-11-21 | 5.3 Medium | Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. |
CVE-2022-41234 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 8.8 High | Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck. |
CVE-2022-41233 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 4.3 Medium | Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled. |
CVE-2022-41232 | 1 Jenkins | 1 Build-publisher | 2024-11-21 | 8.0 High | A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. |
CVE-2022-41231 | 1 Jenkins | 1 Build-publisher | 2024-11-21 | 5.7 Medium | Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint. |
CVE-2022-41230 | 1 Jenkins | 1 Build-publisher | 2024-11-21 | 4.3 Medium | Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers. |
CVE-2022-41229 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-11-21 | 5.4 Medium | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
CVE-2022-41228 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-11-21 | 8.8 High | A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. |
CVE-2022-41227 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-11-21 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. |
CVE-2022-41226 | 1 Jenkins | 1 Compuware Common Configuration | 2024-11-21 | 9.8 Critical | Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
CVE-2022-41225 | 1 Jenkins | 1 Anchore Container Image Scanner | 2024-11-21 | 5.4 Medium | Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. |