Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21663 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | ||||
| CVE-2021-21666 | 1 Jenkins | 1 Kiuwan | 2024-08-03 | 6.1 Medium |
| Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2021-21690 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 9.8 Critical |
| Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||||
| CVE-2021-21668 | 1 Jenkins | 1 Scriptler | 2024-08-03 | 5.4 Medium |
| Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | ||||
| CVE-2021-21675 | 1 Jenkins | 1 Requests | 2024-08-03 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. | ||||
| CVE-2021-21658 | 1 Jenkins | 1 Nuget | 2024-08-03 | 9.1 Critical |
| Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2021-21698 | 2 Jenkins, Redhat | 2 Subversion, Openshift | 2024-08-03 | 7.5 High |
| Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. | ||||
| CVE-2021-21671 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 7.5 High |
| Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. | ||||
| CVE-2021-21655 | 1 Jenkins | 1 P4 | 2024-08-03 | 7.1 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. | ||||
| CVE-2021-21672 | 1 Jenkins | 1 Selenium Html Report | 2024-08-03 | 4.3 Medium |
| Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2021-21660 | 1 Jenkins | 1 Markdown Formatter | 2024-08-03 | 5.4 Medium |
| Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter. | ||||
| CVE-2021-21651 | 1 Jenkins | 1 S3 Publisher | 2024-08-03 | 4.3 Medium |
| Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. | ||||
| CVE-2021-21664 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2024-08-03 | 6.5 Medium |
| An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | ||||
| CVE-2021-21653 | 1 Jenkins | 1 Xray - Test Management For Jira | 2024-08-03 | 4.3 Medium |
| Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2021-21659 | 1 Jenkins | 1 Urltrigger | 2024-08-03 | 8.1 High |
| Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2021-21652 | 1 Jenkins | 1 Xray - Test Management For Jira | 2024-08-03 | 7.1 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2021-21650 | 1 Jenkins | 1 S3 Publisher | 2024-08-03 | 4.3 Medium |
| Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled. | ||||
| CVE-2021-21654 | 1 Jenkins | 1 P4 | 2024-08-03 | 4.3 Medium |
| Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password. | ||||
| CVE-2021-21648 | 2 Jenkins, Redhat | 2 Credentials, Openshift | 2024-08-03 | 6.1 Medium |
| Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2021-21649 | 1 Jenkins | 1 Dashboard View | 2024-08-03 | 5.4 Medium |
| Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | ||||