Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30945 | 1 Jenkins | 1 Pipeline\ | 2023-12-21 | 6.8 MEDIUM | 8.5 HIGH |
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. | |||||
CVE-2022-29044 | 1 Jenkins | 1 Node And Label Parameter | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-27212 | 1 Jenkins | 1 List Git Branches Parameter | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-27208 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. | |||||
CVE-2022-28135 | 1 Jenkins | 1 Instant-messaging | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-27218 | 1 Jenkins | 1 Incapptic Connect Uploader | 2023-12-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2022-34197 | 1 Jenkins | 1 Sauce Ondemand | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-34196 | 1 Jenkins | 1 Rest List Parameter | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-34195 | 1 Jenkins | 1 Repository Connector | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-34778 | 1 Jenkins | 1 Testng Results | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | |||||
CVE-2022-34777 | 1 Jenkins | 1 Gitlab | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-34198 | 1 Jenkins | 1 Stash Branch Parameter | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-34786 | 1 Jenkins | 1 Rich Text Publisher | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | |||||
CVE-2022-34784 | 1 Jenkins | 1 Build-metrics | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | |||||
CVE-2022-34783 | 1 Jenkins | 1 Plot | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-34791 | 1 Jenkins | 1 Validating Email Parameter | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-34788 | 1 Jenkins | 1 Matrix Reloaded | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | |||||
CVE-2022-34787 | 1 Jenkins | 1 Project Inheritance | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | |||||
CVE-2021-21665 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2023-12-21 | 6.0 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | |||||
CVE-2022-29048 | 2 Apple, Jenkins | 2 Macos, Subversion | 2023-12-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. |