Vulnerabilities > Jenkins > Blue Ocean

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-40341 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Blue Ocean
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
network
low complexity
jenkins CWE-352
8.8
2022-05-17 CVE-2022-30952 Insufficiently Protected Credentials vulnerability in Jenkins Blue Ocean
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
network
low complexity
jenkins CWE-522
6.5
2022-05-17 CVE-2022-30953 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Blue Ocean
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.
network
low complexity
jenkins CWE-352
6.5
2022-05-17 CVE-2022-30954 Missing Authorization vulnerability in Jenkins Blue Ocean
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
network
low complexity
jenkins CWE-862
6.5
2020-09-16 CVE-2020-2255 Missing Authorization vulnerability in Jenkins Blue Ocean
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
network
low complexity
jenkins CWE-862
4.3
2020-09-16 CVE-2020-2254 Path Traversal vulnerability in Jenkins Blue Ocean
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
network
low complexity
jenkins CWE-22
6.5
2019-02-06 CVE-2019-1003013 Cross-site Scripting vulnerability in multiple products
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.
network
low complexity
jenkins redhat CWE-79
5.4
2019-02-06 CVE-2019-1003012 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.
network
low complexity
jenkins redhat CWE-352
6.5
2017-10-05 CVE-2017-1000110 Improper Authentication vulnerability in Jenkins Blue Ocean
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins.
network
low complexity
jenkins CWE-287
4.0
2017-10-05 CVE-2017-1000106 Improper Authentication vulnerability in Jenkins Blue Ocean
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins.
network
low complexity
jenkins CWE-287
5.5