Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-21 | CVE-2022-41250 | Missing Authorization vulnerability in Jenkins SCM Httpclient A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
| 2022-09-21 | CVE-2022-41251 | Missing Authorization vulnerability in Jenkins Apprenda A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2022-09-21 | CVE-2022-41252 | Missing Authorization vulnerability in Jenkins Cons3Rt 1.0.0 Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
| 2022-09-21 | CVE-2022-41253 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cons3Rt 1.0.0 A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-09-21 | CVE-2022-41254 | Missing Authorization vulnerability in Jenkins Cons3Rt 1.0.0 Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
| 2022-09-21 | CVE-2022-41255 | Insufficiently Protected Credentials vulnerability in Jenkins Cons3Rt 1.0.0 Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-08-23 | CVE-2022-38663 | Insufficiently Protected Credentials vulnerability in Jenkins GIT Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | 6.5 |
| 2022-08-23 | CVE-2022-38664 | Cross-site Scripting vulnerability in Jenkins JOB Configuration History Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | 5.4 |
| 2022-08-23 | CVE-2022-38665 | Insufficiently Protected Credentials vulnerability in Jenkins Collabnet Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-07-27 | CVE-2022-36881 | Improper Certificate Validation vulnerability in Jenkins GIT Client Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. | 8.1 |