Filtered by vendor Jenkins Subscriptions
Total 1641 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-45386 1 Jenkins 1 Violations 2025-04-30 5.5 Medium
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45385 1 Jenkins 1 Cloudbees Docker Hub\/registry Notification 2025-04-30 7.5 High
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.
CVE-2022-45384 1 Jenkins 1 Reverse Proxy Auth 2025-04-30 6.5 Medium
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
CVE-2022-45395 1 Jenkins 1 Cccc 2025-04-30 9.8 Critical
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45394 1 Jenkins 1 Delete Log 2025-04-30 4.3 Medium
A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs.
CVE-2022-45393 1 Jenkins 1 Delete Log 2025-04-30 3.5 Low
A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.
CVE-2022-45392 1 Jenkins 1 Ns-nd Integration Performance Publisher 2025-04-30 6.5 Medium
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
CVE-2022-45401 1 Jenkins 1 Associated Files 2025-04-30 5.4 Medium
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-45400 1 Jenkins 1 Japex 2025-04-30 9.8 Critical
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45399 1 Jenkins 1 Cluster Statistics 2025-04-30 4.3 Medium
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45398 1 Jenkins 1 Cluster Statistics 2025-04-30 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45397 1 Jenkins 1 Osf Builder Suite \ 2025-04-30 9.8 Critical
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45396 1 Jenkins 1 Sourcemonitor 2025-04-30 9.8 Critical
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-38666 1 Jenkins 1 Ns-nd Integration Performance Publisher 2025-04-30 7.5 High
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.
CVE-2022-45381 2 Jenkins, Redhat 2 Pipeline Utility Steps, Openshift 2025-04-30 8.1 High
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.
CVE-2022-45380 2 Jenkins, Redhat 2 Junit, Openshift 2025-04-30 5.4 Medium
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-45383 1 Jenkins 1 Support Core 2025-04-30 6.5 Medium
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
CVE-2022-45382 1 Jenkins 1 Naginator 2025-04-30 5.4 Medium
Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
CVE-2025-31720 1 Jenkins 1 Jenkins 2025-04-29 4.3 Medium
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.
CVE-2025-31721 1 Jenkins 1 Jenkins 2025-04-29 4.3 Medium
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.