Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2022-09-21 CVE-2022-41226 XXE vulnerability in Jenkins Compuware Common Configuration
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8
2022-09-21 CVE-2022-41227 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ns-Nd Integration Performance Publisher 4.8.0.129/4.8.0.77
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-09-21 CVE-2022-41228 Missing Authorization vulnerability in Jenkins Ns-Nd Integration Performance Publisher 4.8.0.129/4.8.0.77
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.
network
low complexity
jenkins CWE-862
8.8
8.8
2022-09-21 CVE-2022-41229 Cross-site Scripting vulnerability in Jenkins Ns-Nd Integration Performance Publisher
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-09-21 CVE-2022-41230 Missing Authorization vulnerability in Jenkins Build-Publisher
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-09-21 CVE-2022-41231 Path Traversal vulnerability in Jenkins Build-Publisher
Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.
network
low complexity
jenkins CWE-22
5.7
5.7
2022-09-21 CVE-2022-41232 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build-Publisher
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.
network
low complexity
jenkins CWE-352
8.0
8.0
2022-09-21 CVE-2022-41233 Missing Authorization vulnerability in Jenkins Rundeck
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-09-21 CVE-2022-41234 Missing Authorization vulnerability in Jenkins Rundeck
Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.
network
low complexity
jenkins CWE-862
8.8
8.8
2022-09-21 CVE-2022-41235 Unspecified vulnerability in Jenkins Wildfly Deployer 1.0.2
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
network
low complexity
jenkins
5.3
5.3