Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2022-06-23 CVE-2022-34181 Unspecified vulnerability in Jenkins Xunit
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.
network
low complexity
jenkins
critical
 9.1
9.1
2022-06-23 CVE-2022-34182 Cross-site Scripting vulnerability in Jenkins Nested View
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
network
low complexity
jenkins CWE-79
6.1
6.1
2022-06-23 CVE-2022-34183 Cross-site Scripting vulnerability in Jenkins Agent Server Parameter 1.0/1.1
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-06-23 CVE-2022-34184 Cross-site Scripting vulnerability in Jenkins CRX Content Package Deployer
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-06-23 CVE-2022-34185 Cross-site Scripting vulnerability in Jenkins Date Parameter
Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-06-23 CVE-2022-34186 Cross-site Scripting vulnerability in Jenkins Dynamic Extended Choice Parameter 1.0.0/1.0.1
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-06-23 CVE-2022-34187 Cross-site Scripting vulnerability in Jenkins Filesystem List Parameter
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-06-23 CVE-2022-34188 Cross-site Scripting vulnerability in Jenkins Hidden Parameter 0.0.4
Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-06-23 CVE-2022-34189 Cross-site Scripting vulnerability in Jenkins Image TAG Parameter
Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-06-23 CVE-2022-34190 Cross-site Scripting vulnerability in Jenkins Maven Metadata
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
5.4