Jenkins CVEs and Security Vulnerabilities

Filtered by vendor Jenkins Subscriptions

Search

Switch to Advanced Search (Beta)

Total 1642 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-30972	1 Jenkins	1 Storage Configs	2024-11-21	8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
CVE-2022-30971	1 Jenkins	1 Storable Configs	2024-11-21	8.8 High
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-30970	1 Jenkins	1 Autocomplete Parameter	2024-11-21	5.4 Medium
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30969	1 Jenkins	1 Autocomplete Parameter	2024-11-21	8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.
CVE-2022-30968	1 Jenkins	1 Vboxwrapper	2024-11-21	5.4 Medium
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30967	1 Jenkins	1 Selection Tasks	2024-11-21	5.4 Medium
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30966	1 Jenkins	1 Random String Parameter	2024-11-21	5.4 Medium
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30965	1 Jenkins	1 Promoted Builds	2024-11-21	5.4 Medium
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30964	1 Jenkins	1 Multiselect Parameter	2024-11-21	5.4 Medium
Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30963	1 Jenkins	1 Jdk Parameter	2024-11-21	5.4 Medium
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30962	1 Jenkins	1 Global Variable String Parameter	2024-11-21	5.4 Medium
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30961	1 Jenkins	1 Autocomplete Parameter	2024-11-21	5.4 Medium
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30960	1 Jenkins	1 Application Detector	2024-11-21	5.4 Medium
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30959	1 Jenkins	1 Ssh	2024-11-21	6.5 Medium
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-30958	1 Jenkins	1 Ssh	2024-11-21	8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-30957	1 Jenkins	1 Ssh	2024-11-21	4.3 Medium
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-30956	1 Jenkins	1 Rundeck	2024-11-21	5.4 Medium
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.
CVE-2022-30955	1 Jenkins	1 Gitlab	2024-11-21	6.5 Medium
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-30954	2 Jenkins, Redhat	3 Blue Ocean, Ocp Tools, Openshift	2024-11-21	6.5 Medium
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
CVE-2022-30953	2 Jenkins, Redhat	3 Blue Ocean, Ocp Tools, Openshift	2024-11-21	6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.

« first previous Page 33 of 83. next last »