Vulnerabilities > Jenkins > Convert TO Pipeline

DATE CVE VULNERABILITY TITLE RISK
2023-04-02 CVE-2023-28676 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Convert to Pipeline 1.0
A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE).
network
low complexity
jenkins CWE-352
8.8
8.8
2023-04-02 CVE-2023-28677 Command Injection vulnerability in Jenkins Convert to Pipeline 1.0
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin.
network
low complexity
jenkins CWE-77
critical
 9.8
9.8