Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Total 1603 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30945 1 Jenkins 1 Pipeline\ 2023-12-21 6.8 MEDIUM 8.5 HIGH
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
CVE-2022-29044 1 Jenkins 1 Node And Label Parameter 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-27212 1 Jenkins 1 List Git Branches Parameter 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-27208 1 Jenkins 1 Kubernetes Continuous Deploy 2023-12-21 4.0 MEDIUM 6.5 MEDIUM
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.
CVE-2022-28135 1 Jenkins 1 Instant-messaging 2023-12-21 4.0 MEDIUM 6.5 MEDIUM
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-27218 1 Jenkins 1 Incapptic Connect Uploader 2023-12-21 4.0 MEDIUM 4.3 MEDIUM
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
CVE-2022-34197 1 Jenkins 1 Sauce Ondemand 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34196 1 Jenkins 1 Rest List Parameter 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34195 1 Jenkins 1 Repository Connector 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34778 1 Jenkins 1 Testng Results 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results.
CVE-2022-34777 1 Jenkins 1 Gitlab 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34198 1 Jenkins 1 Stash Branch Parameter 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34786 1 Jenkins 1 Rich Text Publisher 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
CVE-2022-34784 1 Jenkins 1 Build-metrics 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.
CVE-2022-34783 1 Jenkins 1 Plot 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34791 1 Jenkins 1 Validating Email Parameter 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34788 1 Jenkins 1 Matrix Reloaded 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
CVE-2022-34787 1 Jenkins 1 Project Inheritance 2023-12-21 3.5 LOW 5.4 MEDIUM
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
CVE-2021-21665 1 Jenkins 1 Xebialabs Xl Deploy 2023-12-21 6.0 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
CVE-2022-29048 2 Apple, Jenkins 2 Macos, Subversion 2023-12-21 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.