Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-26	CVE-2023-24457	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Keycloak Authentication 2.3.0 A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. network low complexity jenkins CWE-352	6.5
2023-01-26	CVE-2023-24458	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bearychat A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. network low complexity jenkins CWE-352	8.8
2023-01-26	CVE-2023-24459	Missing Authorization vulnerability in Jenkins Bearychat A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. network low complexity jenkins CWE-862	6.5
2022-12-12	CVE-2022-46682	XXE vulnerability in Jenkins Plot Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. network low complexity jenkins CWE-611 critical	9.8
2022-12-12	CVE-2022-46683	Open Redirect vulnerability in Jenkins Google Login 1.4/1.6 Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. network low complexity jenkins CWE-601	6.1
2022-12-12	CVE-2022-46684	Cross-site Scripting vulnerability in Jenkins Checkmarx Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability. network low complexity jenkins CWE-79	5.4
2022-12-12	CVE-2022-46686	Cross-site Scripting vulnerability in Jenkins Custom Build Properties 2.79.Vc095Ccc85094 Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values. network low complexity jenkins CWE-79	5.4
2022-12-12	CVE-2022-46687	Cross-site Scripting vulnerability in Jenkins Spring Config Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names. network low complexity jenkins CWE-79	5.4
2022-12-12	CVE-2022-46688	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sonar Gerrit A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. network low complexity jenkins CWE-352	6.5
2022-11-15	CVE-2022-38666	Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. network low complexity jenkins CWE-295	7.5

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins