Filtered by vendor Jenkins
Total: 1606 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-30962 | 1 Jenkins | 1 Global Variable String Parameter | 2024-08-03 | 5.4 Medium |
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-30961 | 1 Jenkins | 1 Autocomplete Parameter | 2024-08-03 | 5.4 Medium |
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-30967 | 1 Jenkins | 1 Selection Tasks | 2024-08-03 | 5.4 Medium |
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-30956 | 1 Jenkins | 1 Rundeck | 2024-08-03 | 5.4 Medium |
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. | ||||
CVE-2022-30964 | 1 Jenkins | 1 Multiselect Parameter | 2024-08-03 | 5.4 Medium |
Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-30949 | 1 Jenkins | 1 Repo | 2024-08-03 | 5.3 Medium |
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||||
CVE-2022-30968 | 1 Jenkins | 1 Vboxwrapper | 2024-08-03 | 5.4 Medium |
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-30946 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-08-03 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. | ||||
CVE-2022-30959 | 1 Jenkins | 1 Ssh | 2024-08-03 | 6.5 Medium |
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2022-30948 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-08-03 | 7.5 High |
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||||
CVE-2022-29045 | 1 Jenkins | 1 Promoted Builds | 2024-08-03 | 5.4 Medium |
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-29052 | 1 Jenkins | 1 Google Compute Engine | 2024-08-03 | 4.3 Medium |
Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
CVE-2022-29051 | 1 Jenkins | 1 Publish Over Ftp | 2024-08-03 | 4.3 Medium |
Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. | ||||
CVE-2022-29039 | 1 Jenkins | 1 Gerrit Trigger | 2024-08-03 | 5.4 Medium |
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-29046 | 3 Apple, Jenkins, Redhat | 3 Macos, Subversion, Openshift | 2024-08-03 | 5.4 Medium |
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-29049 | 1 Jenkins | 1 Promoted Builds | 2024-08-03 | 5.4 Medium |
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name. | ||||
CVE-2022-29044 | 1 Jenkins | 1 Node And Label Parameter | 2024-08-03 | 5.4 Medium |
Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-29050 | 1 Jenkins | 1 Publish Over Ftp | 2024-08-03 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. | ||||
CVE-2022-29041 | 2 Jenkins, Redhat | 2 Jira, Openshift | 2024-08-03 | 5.4 Medium |
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-29040 | 1 Jenkins | 1 Git Parameter | 2024-08-03 | 5.4 Medium |
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |