Vulnerabilities > Jenkins > JOB AND Node Ownership > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-29 CVE-2022-28149 Cross-site Scripting vulnerability in Jenkins JOB and Node Ownership
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2022-03-29 CVE-2022-28151 Missing Authorization vulnerability in Jenkins JOB and Node Ownership
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.
network
low complexity
jenkins CWE-862
4.3
2022-03-29 CVE-2022-28152 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JOB and Node Ownership
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.
network
low complexity
jenkins CWE-352
4.3
2018-03-13 CVE-2018-1000107 Incorrect Authorization vulnerability in Jenkins JOB and Node Ownership
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.
network
low complexity
jenkins CWE-863
6.5