Filtered by vendor: Jenkins
Total: 1612 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2023-39154 | 1 Jenkins | 1 Qualys Web App Scanning Connector | 2024-10-23 | 6.5 Medium | Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-39155 | 1 Jenkins | 1 Chef Identity | 2024-10-23 | 5.3 Medium | Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.
CVE-2023-39156 | 1 Jenkins | 1 Bazaar | 2024-10-23 | 5.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.
CVE-2023-39151 | 1 Jenkins | 1 Jenkins | 2024-10-21 | 5.4 Medium | Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.
CVE-2024-23899 | 2 Jenkins, Redhat | 2 Git Server, Ocp Tools | 2024-10-18 | 6.5 Medium | Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.
CVE-2022-28136 | 1 Jenkins | 1 Jiratestresultreporter | 2024-10-15 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2021-21641 | 1 Jenkins | 1 Promoted Builds | 2024-10-15 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds.
CVE-2022-23113 | 1 Jenkins | 1 Publish Over Ssh | 2024-10-15 | 4.3 Medium | Jenkins Publish Over SSH Plugin 1.22 and earlier validates a file name by reporting whether it is present or not, resulting in a path traversal vulnerability that allows attackers with Item/Configure permission to discover the names of files on the Jenkins controller.
CVE-2022-25176 | 2 Jenkins, Redhat | 2 Pipeline, Openshift | 2024-10-15 | 6.5 Medium | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
CVE-2022-25190 | 1 Jenkins | 1 Conjur Secrets | 2024-10-15 | 4.3 Medium | A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-27211 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-10-15 | 6.5 Medium | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-29052 | 1 Jenkins | 1 Google Compute Engine | 2024-10-15 | 4.3 Medium | Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.
CVE-2023-3414 | 1 Jenkins | 1 Servicenow Devops | 2024-10-15 | 6.1 Medium | A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.
CVE-2023-3442 | 1 Jenkins | 1 Servicenow Devops | 2024-10-15 | 7.7 High | A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.
CVE-2023-40348 | 1 Jenkins | 1 Gogs | 2024-10-08 | 5.3 Medium | The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.
CVE-2023-40351 | 1 Jenkins | 1 Favorite View | 2024-10-08 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
CVE-2023-40336 | 2 Jenkins, Redhat | 2 Folders, Ocp Tools | 2024-10-08 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
CVE-2023-40341 | 2 Jenkins, Redhat | 2 Blue Ocean, Ocp Tools | 2024-10-08 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
CVE-2023-40342 | 1 Jenkins | 1 Flaky Test Handler | 2024-10-08 | 5.4 Medium | Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.
CVE-2023-40343 | 1 Jenkins | 1 Tuleap Authentication | 2024-10-08 | 5.9 Medium | Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant-time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token.