Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2022-08-23 CVE-2022-38663 Insufficiently Protected Credentials vulnerability in Jenkins GIT
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
network
low complexity
jenkins CWE-522
6.5
6.5
2022-08-23 CVE-2022-38664 Cross-site Scripting vulnerability in Jenkins JOB Configuration History
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-08-23 CVE-2022-38665 Insufficiently Protected Credentials vulnerability in Jenkins Collabnet
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
6.5
2022-07-27 CVE-2022-36881 Improper Certificate Validation vulnerability in Jenkins GIT Client
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
network
high complexity
jenkins CWE-295
8.1
8.1
2022-07-27 CVE-2022-36882 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-07-27 CVE-2022-36883 Missing Authorization vulnerability in Jenkins GIT
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
network
low complexity
jenkins CWE-862
7.5
7.5
2022-07-27 CVE-2022-36884 Missing Authentication for Critical Function vulnerability in Jenkins GIT
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
network
low complexity
jenkins CWE-306
5.3
5.3
2022-07-27 CVE-2022-36885 Information Exposure Through Discrepancy vulnerability in Jenkins Github
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
network
low complexity
jenkins CWE-203
5.3
5.3
2022-07-27 CVE-2022-36886 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins External Monitor JOB Type
A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-07-27 CVE-2022-36887 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JOB Configuration History
A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations.
network
low complexity
jenkins CWE-352
4.3
4.3