Jenkins CVE - OpenCVE

Filtered by vendor Jenkins Subscriptions

Total 1606 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-34209	1 Jenkins	1 Threadfix	2024-08-03	6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-34195	1 Jenkins	1 Repository Connector	2024-08-03	5.4 Medium
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34192	1 Jenkins	1 Ontrack	2024-08-03	5.4 Medium
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34210	1 Jenkins	1 Threadfix	2024-08-03	6.5 Medium
A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-34212	1 Jenkins	1 Vrealize Orchestrator	2024-08-03	5.7 Medium
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL.
CVE-2022-34205	1 Jenkins	1 Jianliao Notification	2024-08-03	6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.
CVE-2022-34196	1 Jenkins	1 Rest List Parameter	2024-08-03	5.4 Medium
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34211	1 Jenkins	1 Vrealize Orchestrator	2024-08-03	6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.
CVE-2022-34199	1 Jenkins	1 Convertigo Mobile Platform	2024-08-03	6.5 Medium
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
CVE-2022-34204	1 Jenkins	1 Easyqa	2024-08-03	4.3 Medium
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
CVE-2022-34189	1 Jenkins	1 Image Tag Parameter	2024-08-03	5.4 Medium
Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34185	1 Jenkins	1 Date Parameter	2024-08-03	5.4 Medium
Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34200	1 Jenkins	1 Convertigo Mobile Platform	2024-08-03	8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-34201	1 Jenkins	1 Convertigo Mobile Platform	2024-08-03	6.5 Medium
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-34190	1 Jenkins	1 Maven Metadata	2024-08-03	5.4 Medium
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34194	1 Jenkins	1 Readonly Parameter	2024-08-03	5.4 Medium
Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34191	1 Jenkins	1 Ns-nd Integration Performance Publisher	2024-08-03	5.4 Medium
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34193	1 Jenkins	1 Package Version	2024-08-03	5.4 Medium
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34197	1 Jenkins	1 Sauce Ondemand	2024-08-03	5.4 Medium
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34181	1 Jenkins	1 Xunit	2024-08-03	9.1 Critical
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.

« first previous Page 59 of 81. next last »