Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-45393 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Delete LOG 1.0
A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.
network
low complexity
jenkins CWE-352
3.5
2022-11-15 CVE-2022-45394 Missing Authorization vulnerability in Jenkins Delete LOG 1.0
A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs.
network
low complexity
jenkins CWE-862
4.3
2022-11-15 CVE-2022-45395 XXE vulnerability in Jenkins Cccc
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.8
2022-11-15 CVE-2022-45396 XXE vulnerability in Jenkins Sourcemonitor 0.2
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.8
2022-11-15 CVE-2022-45397 XXE vulnerability in Jenkins OSF Builder Suite :: XML Linter 1.0.2
Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.8
2022-11-15 CVE-2022-45398 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cluster Statistics 0.4.6
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
network
low complexity
jenkins CWE-352
4.3
2022-11-15 CVE-2022-45399 Missing Authorization vulnerability in Jenkins Cluster Statistics 0.4.6
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
network
low complexity
jenkins CWE-862
4.3
2022-11-15 CVE-2022-45400 XXE vulnerability in Jenkins Japex 1.7
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.8
2022-11-15 CVE-2022-45401 Cross-site Scripting vulnerability in Jenkins Associated Files 0.2.1
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2022-10-19 CVE-2022-43401 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
network
low complexity
jenkins
critical
9.9