Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-34786 | 1 Jenkins | 1 Rich Text Publisher | 2024-08-03 | 5.4 Medium |
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | ||||
CVE-2022-34810 | 1 Jenkins | 1 Rqm | 2024-08-03 | 6.5 Medium |
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
CVE-2022-34801 | 1 Jenkins | 1 Build Notifications | 2024-08-03 | 4.3 Medium |
Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||||
CVE-2022-34812 | 1 Jenkins | 1 Xpath Configuration Viewer | 2024-08-03 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | ||||
CVE-2022-34807 | 1 Jenkins | 1 Elasticsearch Query | 2024-08-03 | 6.5 Medium |
Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2022-34789 | 1 Jenkins | 1 Matrix Reloaded | 2024-08-03 | 6.5 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. | ||||
CVE-2022-34809 | 1 Jenkins | 1 Rqm | 2024-08-03 | 6.5 Medium |
Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2022-34795 | 1 Jenkins | 1 Deployment Dashboard | 2024-08-03 | 5.4 Medium |
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | ||||
CVE-2022-34806 | 1 Jenkins | 1 Jigomerge | 2024-08-03 | 6.5 Medium |
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
CVE-2022-34815 | 1 Jenkins | 1 Request Rename Or Delete | 2024-08-03 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. | ||||
CVE-2022-34811 | 1 Jenkins | 1 Xpath Configuration Viewer | 2024-08-03 | 4.3 Medium |
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | ||||
CVE-2022-34794 | 1 Jenkins | 1 Recipe | 2024-08-03 | 6.5 Medium |
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | ||||
CVE-2022-34796 | 1 Jenkins | 1 Deployment Dashboard | 2024-08-03 | 4.3 Medium |
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
CVE-2022-34787 | 1 Jenkins | 1 Project Inheritance | 2024-08-03 | 5.4 Medium |
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | ||||
CVE-2022-34797 | 1 Jenkins | 1 Deployment Dashboard | 2024-08-03 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. | ||||
CVE-2022-34799 | 1 Jenkins | 1 Deployment Dashboard | 2024-08-03 | 4.3 Medium |
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2022-34777 | 1 Jenkins | 1 Gitlab | 2024-08-03 | 5.4 Medium |
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-34813 | 1 Jenkins | 1 Xpath Configuration Viewer | 2024-08-03 | 4.3 Medium |
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | ||||
CVE-2022-34814 | 1 Jenkins | 1 Request Rename Or Delete | 2024-08-03 | 4.3 Medium |
Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | ||||
CVE-2022-34778 | 1 Jenkins | 1 Testng Results | 2024-08-03 | 5.4 Medium |
Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. |