Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-45385 Missing Authorization vulnerability in Jenkins Cloudbees Docker Hub/Registry Notification 2.6.2
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.
network
low complexity
jenkins CWE-862
7.5
2022-11-15 CVE-2022-45386 XXE vulnerability in Jenkins Violations 0.7.11
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
local
low complexity
jenkins CWE-611
5.5
2022-11-15 CVE-2022-45387 Cross-site Scripting vulnerability in Jenkins Bart 1.0.3
Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability.
network
low complexity
jenkins CWE-79
5.4
2022-11-15 CVE-2022-45388 Unspecified vulnerability in Jenkins Config Rotator 2.0.1
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.
network
low complexity
jenkins
7.5
2022-11-15 CVE-2022-45389 Missing Authorization vulnerability in Jenkins Xp-Dev 1.0
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository.
network
low complexity
jenkins CWE-862
5.3
2022-11-15 CVE-2022-45390 Missing Authorization vulnerability in Jenkins Loader.Io 1.0.1
A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2022-11-15 CVE-2022-45391 Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
network
low complexity
jenkins CWE-295
7.5
2022-11-15 CVE-2022-45392 Insufficiently Protected Credentials vulnerability in Jenkins Ns-Nd Integration Performance Publisher
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2022-11-15 CVE-2022-45393 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Delete LOG 1.0
A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.
network
low complexity
jenkins CWE-352
3.5
2022-11-15 CVE-2022-45394 Missing Authorization vulnerability in Jenkins Delete LOG 1.0
A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs.
network
low complexity
jenkins CWE-862
4.3