Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Total 1608 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41224 1 Jenkins 1 Jenkins 2024-11-21 N/A 5.4 MEDIUM
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
CVE-2022-38666 1 Jenkins 1 Ns-nd Integration Performance Publisher 2024-11-21 N/A 7.5 HIGH
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.
CVE-2022-38665 1 Jenkins 1 Collabnet 2024-11-21 N/A 6.5 MEDIUM
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2022-38664 1 Jenkins 1 Job Configuration History 2024-11-21 N/A 5.4 MEDIUM
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
CVE-2022-38663 1 Jenkins 1 Git 2024-11-21 N/A 6.5 MEDIUM
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
CVE-2022-36922 1 Jenkins 1 Lucene-search 2024-11-21 N/A 6.1 MEDIUM
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2022-36921 1 Jenkins 1 Coverity 2024-11-21 N/A 8.1 HIGH
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-36920 1 Jenkins 1 Coverity 2024-11-21 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-36919 1 Jenkins 1 Coverity 2024-11-21 N/A 4.3 MEDIUM
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-36918 1 Jenkins 1 Buckminster 2024-11-21 N/A 4.3 MEDIUM
Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2022-36917 1 Jenkins 1 Google Cloud Backup 2024-11-21 N/A 4.3 MEDIUM
A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup.
CVE-2022-36916 1 Jenkins 1 Google Cloud Backup 2024-11-21 N/A 8.0 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup.
CVE-2022-36915 1 Jenkins 1 Android Signing 2024-11-21 N/A 4.3 MEDIUM
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
CVE-2022-36914 1 Jenkins 1 Files Found Trigger 2024-11-21 N/A 4.3 MEDIUM
Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2022-36913 1 Jenkins 1 Openstack Heat 2024-11-21 N/A 4.3 MEDIUM
Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2022-36912 1 Jenkins 1 Openstack Heat 2024-11-21 N/A 4.3 MEDIUM
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-36911 1 Jenkins 1 Openstack Heat 2024-11-21 N/A 6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-36910 1 Jenkins 1 Lucene-search 2024-11-21 N/A 5.4 MEDIUM
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.
CVE-2022-36909 1 Jenkins 1 Openshift Deployer 2024-11-21 N/A 6.5 MEDIUM
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.
CVE-2022-36908 1 Jenkins 1 Openshift Deployer 2024-11-21 N/A 6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.