Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-45379 Inadequate Encryption Strength vulnerability in Jenkins Script Security
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.
network
low complexity
jenkins CWE-326
7.5
7.5
2022-11-15 CVE-2022-45380 Cross-site Scripting vulnerability in Jenkins Junit
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-11-15 CVE-2022-45381 Path Traversal vulnerability in Jenkins Pipeline Utility Steps 2.13.1
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.
network
low complexity
jenkins CWE-22
8.1
8.1
2022-11-15 CVE-2022-45382 Cross-site Scripting vulnerability in Jenkins Naginator 1.18.1
Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-11-15 CVE-2022-45383 Incorrect Authorization vulnerability in Jenkins Support Core
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
network
low complexity
jenkins CWE-863
6.5
6.5
2022-11-15 CVE-2022-45384 Insufficiently Protected Credentials vulnerability in Jenkins Reverse Proxy Auth
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
6.5
2022-11-15 CVE-2022-45385 Missing Authorization vulnerability in Jenkins Cloudbees Docker Hub/Registry Notification 2.6.2
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.
network
low complexity
jenkins CWE-862
7.5
7.5
2022-11-15 CVE-2022-45386 XXE vulnerability in Jenkins Violations 0.7.11
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
local
low complexity
jenkins CWE-611
5.5
5.5
2022-11-15 CVE-2022-45387 Cross-site Scripting vulnerability in Jenkins Bart 1.0.3
Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-11-15 CVE-2022-45388 Unspecified vulnerability in Jenkins Config Rotator 2.0.1
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.
network
low complexity
jenkins
7.5
7.5