Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-45389 | Missing Authorization vulnerability in Jenkins Xp-Dev 1.0 A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. | 5.3 |
| 2022-11-15 | CVE-2022-45390 | Missing Authorization vulnerability in Jenkins Loader.Io 1.0.1 A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2022-11-15 | CVE-2022-45391 | Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | 7.5 |
| 2022-11-15 | CVE-2022-45392 | Insufficiently Protected Credentials vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | 6.5 |
| 2022-11-15 | CVE-2022-45393 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Delete LOG 1.0 A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | 3.5 |
| 2022-11-15 | CVE-2022-45394 | Missing Authorization vulnerability in Jenkins Delete LOG 1.0 A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. | 4.3 |
| 2022-11-15 | CVE-2022-45395 | XXE vulnerability in Jenkins Cccc Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-11-15 | CVE-2022-45396 | XXE vulnerability in Jenkins Sourcemonitor 0.2 Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-11-15 | CVE-2022-45397 | XXE vulnerability in Jenkins OSF Builder Suite :: XML Linter 1.0.2 Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-11-15 | CVE-2022-45398 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cluster Statistics 0.4.6 A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | 4.3 |