Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-30 | CVE-2022-34810 | Missing Authorization vulnerability in Jenkins RQM A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 |
| 2022-06-30 | CVE-2022-34811 | Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | 4.3 |
| 2022-06-30 | CVE-2022-34812 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xpath Configuration Viewer A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | 4.3 |
| 2022-06-30 | CVE-2022-34813 | Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | 4.3 |
| 2022-06-30 | CVE-2022-34814 | Incorrect Authorization vulnerability in Jenkins Request Rename or Delete Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | 4.3 |
| 2022-06-30 | CVE-2022-34815 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Request Rename or Delete A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. | 4.3 |
| 2022-06-30 | CVE-2022-34816 | Insufficiently Protected Credentials vulnerability in Jenkins HPE Network Virtualization 1.0 Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34817 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Failed JOB Deactivator A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. | 4.3 |
| 2022-06-30 | CVE-2022-34818 | Missing Authorization vulnerability in Jenkins Failed JOB Deactivator Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. | 4.3 |
| 2022-06-23 | CVE-2022-34170 | Cross-site Scripting vulnerability in Jenkins 2.333/2.334 In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |