Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Total 1608 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34202 1 Jenkins 1 Easyqa 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34201 1 Jenkins 1 Convertigo Mobile Platform 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-34200 1 Jenkins 1 Convertigo Mobile Platform 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-34199 1 Jenkins 1 Convertigo Mobile Platform 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
CVE-2022-34198 1 Jenkins 1 Stash Branch Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34197 1 Jenkins 1 Sauce Ondemand 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34196 1 Jenkins 1 Rest List Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34195 1 Jenkins 1 Repository Connector 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34194 1 Jenkins 1 Readonly Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34193 1 Jenkins 1 Package Version 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34192 1 Jenkins 1 Ontrack 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34191 1 Jenkins 1 Ns-nd Integration Performance Publisher 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34190 1 Jenkins 1 Maven Metadata 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34189 1 Jenkins 1 Image Tag Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34188 1 Jenkins 1 Hidden Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34187 1 Jenkins 1 Filesystem List Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34186 1 Jenkins 1 Dynamic Extended Choice Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34185 1 Jenkins 1 Date Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34184 1 Jenkins 1 Crx Content Package Deployer 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34183 1 Jenkins 1 Agent Server Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.