Filtered by vendor Jenkins
Total: 1613 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2022-29036 | Jenkins, Redhat | Credentials, Openshift | 2024-11-21 | 5.4 Medium | Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-28160 | Jenkins | Tests Selector | 2024-11-21 | 6.5 Medium | Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. |
| CVE-2022-28159 | Jenkins | Tests Selector | 2024-11-21 | 5.4 Medium | Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-28158 | Jenkins | Pipeline\ | 2024-11-21 | 6.5 Medium | A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-28157 | Jenkins | Pipeline\ | 2024-11-21 | 6.5 Medium | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. |
| CVE-2022-28156 | Jenkins | Pipeline\ | 2024-11-21 | 6.5 Medium | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. |
| CVE-2022-28155 | Jenkins | Pipeline\ | 2024-11-21 | 8.1 High | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-28154 | Jenkins | Coverage/complexity Scatter Plot | 2024-11-21 | 8.1 High | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-28153 | Jenkins | Sitemonitor | 2024-11-21 | 5.4 Medium | Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-28152 | Jenkins | Job And Node Ownership | 2024-11-21 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. |
| CVE-2022-28151 | Jenkins | Job And Node Ownership | 2024-11-21 | 4.3 Medium | A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. |
| CVE-2022-28150 | Jenkins | Job And Node Ownership | 2024-11-21 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. |
| CVE-2022-28149 | Jenkins | Job And Node Ownership | 2024-11-21 | 5.4 Medium | Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-28148 | Jenkins, Microsoft | Continuous Integration With Toad Edge, Windows | 2024-11-21 | 6.5 Medium | The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. |
| CVE-2022-28147 | Jenkins | Continuous Integration With Toad Edge | 2024-11-21 | 4.3 Medium | A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. |
| CVE-2022-28146 | Jenkins | Continuous Integration With Toad Edge | 2024-11-21 | 6.5 Medium | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. |
| CVE-2022-28145 | Jenkins | Continuous Integration With Toad Edge | 2024-11-21 | 5.4 Medium | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission or otherwise able to control report contents. |
| CVE-2022-28144 | Jenkins | Proxmox | 2024-11-21 | 6.5 Medium | Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. |
| CVE-2022-28143 | Jenkins | Proxmox | 2024-11-21 | 6.5 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. |
| CVE-2022-28142 | Jenkins | Proxmox | 2024-11-21 | 7.5 High | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. |
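CVE-2022-28155 and CVE-2022-28154 both come down to a JAXP parser left at its defaults, where a DOCTYPE in attacker-controlled XML can declare an external entity that the parser resolves from the controller's filesystem or network. The following added example is written for this page and is not code from either plugin: it parses one constructed document (the `file:///etc/hostname` path and the `report`/`name` element names are made up) with a default `DocumentBuilderFactory` and then with a hardened one, so the difference is visible on a plain JDK.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class XxeDemo {

    // Constructed test document (not from any plugin): a DOCTYPE that declares an
    // external entity pointing at a local file, referenced from the element body.
    static final String PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE report [\n"
      + "  <!ENTITY xxe SYSTEM \"file:///etc/hostname\">\n"
      + "]>\n"
      + "<report><name>&xxe;</name></report>";

    /** The pattern the advisories describe: a factory with JAXP defaults, which
     *  processes DOCTYPEs and resolves external general entities. */
    static Document parseDefault(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new InputSource(new StringReader(xml)));
    }

    /** Hardened: refuse DOCTYPEs outright, and additionally disable entity and
     *  external-DTD resolution in case a caller ever relaxes the first feature. */
    static Document parseHardened(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        try {
            Document d = parseDefault(PAYLOAD);
            // The default factory expanded the entity: file content lands in <name>.
            System.out.println("default parser <name> = "
                + d.getElementsByTagName("name").item(0).getTextContent());
        } catch (Exception e) {
            // Also a resolution attempt: the parser went to the filesystem and failed there.
            System.out.println("default parser tried to resolve the entity: " + e);
        }

        try {
            parseHardened(PAYLOAD);
            System.out.println("hardened parser accepted the document (unexpected)");
        } catch (SAXException e) {
            // Expected: the DOCTYPE is rejected before any entity can be resolved.
            System.out.println("hardened parser rejected it: " + e.getMessage());
        }
    }
}
```

Inside a plugin the same result is obtained with Jenkins core's `jenkins.util.xml.XMLUtils.parse(Reader)`, which applies these restrictions for you; the features above are what to set when a plugin has to build its own factory or uses a SAX or StAX parser instead.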
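CVE-2022-28144 and CVE-2022-28143 are the two halves of one defect in a Stapler web method: no authorization check (so Overall/Read suffices) and no CSRF protection (so any site a logged-in user visits can fire it). The same pairing underlies CVE-2022-28147, CVE-2022-28151 and CVE-2022-28150. The example below is added for this page and is not the Proxmox plugin's code or any other plugin's: it places the unprotected endpoint next to the corrected one inside a hypothetical `GlobalConfiguration`; the class name, the endpoint names and the TCP probe of port 8006 are assumptions made for the example.

```java
import hudson.Extension;
import hudson.util.FormValidation;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

/** Hypothetical global configuration (example only). Its do* methods are served at
 *  /descriptorByName/<fully qualified class name>/<name> to every user with Overall/Read,
 *  which is exactly the exposure the advisories describe. */
@Extension
public class HypervisorGlobalConfig extends GlobalConfiguration {

    /** UNPROTECTED pattern: a plain GET from any Overall/Read user, or a cross-site request
     *  riding on that user's session, makes the controller connect out to an
     *  attacker-chosen host with attacker-chosen credentials. */
    public FormValidation doTestConnectionUnsafe(@QueryParameter String host,
                                                 @QueryParameter String username,
                                                 @QueryParameter String password) {
        return probe(host, username, password);
    }

    /** CORRECTED pattern: @RequirePOST rejects GET, so the request is a POST and Jenkins'
     *  crumb (CSRF) check applies; checkPermission throws AccessDeniedException for anyone
     *  without Overall/Administer before any network activity happens. */
    @RequirePOST
    public FormValidation doTestConnection(@QueryParameter String host,
                                           @QueryParameter String username,
                                           @QueryParameter String password) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return probe(host, username, password);
    }

    /** Stand-in for the real client: a TCP reachability check against the Proxmox API port
     *  (8006, assumed). A real plugin would authenticate with the credentials here; the
     *  point of this example is who may trigger the call, not the protocol. */
    private static FormValidation probe(String host, String username, String password) {
        if (host == null || host.isEmpty()) {
            return FormValidation.error("Host is required");
        }
        try (Socket socket = new Socket()) {
            socket.connect(new InetSocketAddress(host, 8006), 3000);
            return FormValidation.ok("Reached " + host + " (would log in as " + username + ")");
        } catch (IOException e) {
            return FormValidation.error(e, "Could not reach " + host);
        }
    }
}
```

For endpoints that belong to a job rather than to global configuration (the credentials ID enumeration in CVE-2022-28158, the ownership changes in CVE-2022-28151), the check is scoped to the item instead: take an `@AncestorInPath Item item` parameter and call `item.checkPermission(Item.CONFIGURE)` (or whichever permission the action really needs) rather than `Jenkins.ADMINISTER`. Either way, the test for a plugin is the same: issue the request as a user with only Overall/Read and, separately, as a GET without a crumb, and expect 403 and 405 respectively.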
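CVE-2022-28142 is about scope, not about the trust-all manager itself: calling the static `HttpsURLConnection.setDefault*` setters changes every HTTPS connection the controller JVM makes afterwards (update center, plugin downloads, webhooks, other plugins' API clients), not just the one to the hypervisor. The example below is added for this page, not the plugin's code; it shows the JVM-wide call beside the per-connection alternative and checks, without opening any network connection, that an unrelated `HttpsURLConnection` is left with the JVM default. The hypervisor URL and the second URL are assumptions.

```java
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class TlsScope {

    /** Trust-all manager: accepts any certificate chain. Present only so the scoping
     *  difference can be shown; it should not ship in a plugin. */
    private static SSLContext trustAllContext() throws GeneralSecurityException {
        TrustManager[] tms = { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) {}
            public void checkServerTrusted(X509Certificate[] chain, String authType) {}
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        }};
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null);
        return ctx;
    }

    /** JVM-WIDE (the advisory's behaviour): from now on every HttpsURLConnection in this
     *  process skips certificate and hostname validation. */
    static void ignoreSslIssuesGlobally() throws GeneralSecurityException {
        HttpsURLConnection.setDefaultSSLSocketFactory(trustAllContext().getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier((host, session) -> true);
    }

    /** SCOPED: only this connection to the hypervisor is lenient; the rest of the JVM keeps
     *  the default factory and verifier. Nothing is sent until connect()/getInputStream(). */
    static HttpsURLConnection openLenientConnectionTo(URL apiUrl)
            throws IOException, GeneralSecurityException {
        HttpsURLConnection conn = (HttpsURLConnection) apiUrl.openConnection();
        conn.setSSLSocketFactory(trustAllContext().getSocketFactory());
        conn.setHostnameVerifier((host, session) -> true);
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // Assumed endpoints; openConnection() only builds the object, it does not connect.
        URL hypervisor = new URL("https://proxmox.example.internal:8006/api2/json/version");
        URL unrelated = new URL("https://updates.jenkins.io/update-center.json");

        HttpsURLConnection scoped = openLenientConnectionTo(hypervisor);
        HttpsURLConnection other = (HttpsURLConnection) unrelated.openConnection();

        boolean scopedIsDefault = scoped.getSSLSocketFactory() == HttpsURLConnection.getDefaultSSLSocketFactory();
        boolean otherIsDefault = other.getSSLSocketFactory() == HttpsURLConnection.getDefaultSSLSocketFactory();
        System.out.println("hypervisor connection uses JVM default factory: " + scopedIsDefault); // false
        System.out.println("unrelated connection uses JVM default factory:  " + otherIsDefault);  // true

        // After the global call the unrelated connection is also affected: that is CVE-2022-28142.
        ignoreSslIssuesGlobally();
        HttpsURLConnection afterGlobal = (HttpsURLConnection) unrelated.openConnection();
        System.out.println("unrelated connection after global override is trust-all: "
            + (afterGlobal.getSSLSocketFactory() != other.getSSLSocketFactory()));
    }
}
```

Per-connection scoping is the minimum that removes the cross-plugin blast radius; the better configuration for a self-signed hypervisor is a trust store containing its CA, passed to `SSLContext.init` through a `TrustManagerFactory`, so that no connection is left unvalidated at all.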