Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-30	CVE-2022-34780	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xebialabs XL Release A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. network low complexity jenkins CWE-352	6.5
2022-06-30	CVE-2022-34781	Missing Authorization vulnerability in Jenkins Xebialabs XL Release Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. network low complexity jenkins CWE-862	6.5
2022-06-30	CVE-2022-34782	Incorrect Authorization vulnerability in Jenkins Requests An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. network low complexity jenkins CWE-863	4.3
2022-06-30	CVE-2022-34783	Cross-site Scripting vulnerability in Jenkins Plot Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34784	Cross-site Scripting vulnerability in Jenkins Build-Metrics 1.3 Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34785	Incorrect Authorization vulnerability in Jenkins Build-Metrics Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. network low complexity jenkins CWE-863	4.3
2022-06-30	CVE-2022-34786	Cross-site Scripting vulnerability in Jenkins Rich Text Publisher Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34787	Cross-site Scripting vulnerability in Jenkins Project Inheritance Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34788	Cross-site Scripting vulnerability in Jenkins Matrix Reloaded Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34789	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Matrix Reloaded A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. network low complexity jenkins CWE-352	6.5

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins