Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-23 | CVE-2022-34191 | Cross-site Scripting vulnerability in Jenkins Ns-Nd Integration Performance Publisher 4.8.0.77 Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-06-23 | CVE-2022-34192 | Cross-site Scripting vulnerability in Jenkins Ontrack Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-06-23 | CVE-2022-34193 | Cross-site Scripting vulnerability in Jenkins Package Version 1.0.1 Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-06-23 | CVE-2022-34194 | Cross-site Scripting vulnerability in Jenkins Readonly Parameter 1.0.0 Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-06-23 | CVE-2022-34195 | Cross-site Scripting vulnerability in Jenkins Repository Connector Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-06-23 | CVE-2022-34196 | Cross-site Scripting vulnerability in Jenkins Rest List Parameter Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-06-23 | CVE-2022-34197 | Cross-site Scripting vulnerability in Jenkins Sauce Ondemand Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-06-23 | CVE-2022-34198 | Cross-site Scripting vulnerability in Jenkins Stash Branch Parameter Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-06-23 | CVE-2022-34199 | Insufficiently Protected Credentials vulnerability in Jenkins Convertigo Mobile Platform 1.0/1.1 Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 |
| 2022-06-23 | CVE-2022-34200 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform 1.0/1.1 A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL. | 8.8 |