Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-30 | CVE-2022-34804 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Opsgenie Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. | 4.3 |
| 2022-06-30 | CVE-2022-34805 | Insufficiently Protected Credentials vulnerability in Jenkins Skype Notifier 1.0/1.0.1/1.1.0 Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34806 | Insufficiently Protected Credentials vulnerability in Jenkins Jigomerge Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34807 | Insufficiently Protected Credentials vulnerability in Jenkins Elasticsearch Query 1.1/1.2 Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34808 | Insufficiently Protected Credentials vulnerability in Jenkins Cisco Spark Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 4.3 |
| 2022-06-30 | CVE-2022-34809 | Insufficiently Protected Credentials vulnerability in Jenkins RQM Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34810 | Missing Authorization vulnerability in Jenkins RQM A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 |
| 2022-06-30 | CVE-2022-34811 | Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | 4.3 |
| 2022-06-30 | CVE-2022-34812 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xpath Configuration Viewer A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | 4.3 |
| 2022-06-30 | CVE-2022-34813 | Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | 4.3 |