Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21610 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 6.1 Medium |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup. | ||||
| CVE-2021-21606 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 4.3 Medium |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path. | ||||
| CVE-2021-21604 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 8.0 High |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. | ||||
| CVE-2021-21641 | 1 Jenkins | 1 Promoted Builds | 2024-08-03 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. | ||||
| CVE-2021-21605 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 8.0 High |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | ||||
| CVE-2021-21603 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 5.4 Medium |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-46686 | 1 Jenkins | 1 Custom Build Properties | 2024-08-03 | 5.4 Medium |
| Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values. | ||||
| CVE-2022-46688 | 1 Jenkins | 1 Sonar Gerrit | 2024-08-03 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | ||||
| CVE-2022-46684 | 1 Jenkins | 1 Checkmarx | 2024-08-03 | 5.4 Medium |
| Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-46682 | 1 Jenkins | 1 Plot | 2024-08-03 | 9.8 Critical |
| Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-46683 | 1 Jenkins | 1 Google Login | 2024-08-03 | 6.1 Medium |
| Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | ||||
| CVE-2022-46687 | 1 Jenkins | 1 Spring Config | 2024-08-03 | 5.4 Medium |
| Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names. | ||||
| CVE-2022-45382 | 1 Jenkins | 1 Naginator | 2024-08-03 | 5.4 Medium |
| Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. | ||||
| CVE-2022-45392 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-08-03 | 6.5 Medium |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-45396 | 1 Jenkins | 1 Sourcemonitor | 2024-08-03 | 9.8 Critical |
| Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45397 | 1 Jenkins | 1 Osf Builder Suite \ | 2024-08-03 | 9.8 Critical |
| Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45401 | 1 Jenkins | 1 Associated Files | 2024-08-03 | 5.4 Medium |
| Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-45379 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-08-03 | 7.5 High |
| Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | ||||
| CVE-2022-45380 | 2 Jenkins, Redhat | 2 Junit, Openshift | 2024-08-03 | 5.4 Medium |
| Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-45400 | 1 Jenkins | 1 Japex | 2024-08-03 | 9.8 Critical |
| Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||