Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-30	CVE-2022-34784	Cross-site Scripting vulnerability in Jenkins Build-Metrics 1.3 Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34785	Incorrect Authorization vulnerability in Jenkins Build-Metrics Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. network low complexity jenkins CWE-863	4.3
2022-06-30	CVE-2022-34786	Cross-site Scripting vulnerability in Jenkins Rich Text Publisher Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34787	Cross-site Scripting vulnerability in Jenkins Project Inheritance Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34788	Cross-site Scripting vulnerability in Jenkins Matrix Reloaded Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34789	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Matrix Reloaded A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. network low complexity jenkins CWE-352	6.5
2022-06-30	CVE-2022-34790	Cross-site Scripting vulnerability in Jenkins Extreme Feedback Panel Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34791	Cross-site Scripting vulnerability in Jenkins Validating Email Parameter 1.10/1.8 Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. network low complexity jenkins CWE-79	5.4
2022-06-30	CVE-2022-34792	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Recipe 1.0/1.1/1.2 A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. network low complexity jenkins CWE-352	8.0
2022-06-30	CVE-2022-34793	XXE vulnerability in Jenkins Recipe 1.0/1.1/1.2 Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. network low complexity jenkins CWE-611	8.8

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins