Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2022-30945 Files or Directories Accessible to External Parties vulnerability in Jenkins Pipeline: Groovy
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
network
jenkins CWE-552
6.8
2022-05-17 CVE-2022-30946 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Script Security
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
network
jenkins CWE-352
4.3
2022-05-17 CVE-2022-30947 Unspecified vulnerability in Jenkins GIT and Repo
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
network
low complexity
jenkins
5.0
2022-05-17 CVE-2022-30948 Unspecified vulnerability in Jenkins GIT and Repo
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
network
low complexity
jenkins
5.0
2022-05-17 CVE-2022-30949 Unspecified vulnerability in Jenkins GIT and Repo
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
network
low complexity
jenkins
5.0
2022-05-17 CVE-2022-30950 Classic Buffer Overflow vulnerability in Jenkins WMI Windows Agents
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.
network
low complexity
jenkins CWE-120
6.5
2022-05-17 CVE-2022-30951 Missing Authorization vulnerability in Jenkins WMI Windows Agents
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.
network
low complexity
jenkins CWE-862
6.5
2022-05-17 CVE-2022-30952 Insufficiently Protected Credentials vulnerability in Jenkins Blue Ocean
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
network
low complexity
jenkins CWE-522
4.0
2022-05-17 CVE-2022-30953 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Blue Ocean
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.
network
jenkins CWE-352
4.3
2022-05-17 CVE-2022-30954 Missing Authorization vulnerability in Jenkins Blue Ocean
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
network
low complexity
jenkins CWE-862
4.0