Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-29	CVE-2022-28149	Cross-site Scripting vulnerability in Jenkins JOB and Node Ownership Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. network low complexity jenkins CWE-79	5.4
2022-03-29	CVE-2022-28150	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JOB and Node Ownership A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. network low complexity jenkins CWE-352	8.8
2022-03-29	CVE-2022-28151	Missing Authorization vulnerability in Jenkins JOB and Node Ownership A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. network low complexity jenkins CWE-862	4.3
2022-03-29	CVE-2022-28152	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JOB and Node Ownership A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. network low complexity jenkins CWE-352	4.3
2022-03-29	CVE-2022-28153	Cross-site Scripting vulnerability in Jenkins Sitemonitor Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. network low complexity jenkins CWE-79	5.4
2022-03-29	CVE-2022-28154	XXE vulnerability in Jenkins Coverage/Complexity Scatter Plot Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. network low complexity jenkins CWE-611	8.1
2022-03-29	CVE-2022-28155	XXE vulnerability in Jenkins Pipeline: Phoenix Autotest Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. network low complexity jenkins CWE-611	8.1
2022-03-29	CVE-2022-28156	Path Traversal vulnerability in Jenkins Pipeline: Phoenix Autotest Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. network low complexity jenkins CWE-22	6.5
2022-03-29	CVE-2022-28157	Path Traversal vulnerability in Jenkins Pipeline: Phoenix Autotest Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. network low complexity jenkins CWE-22	6.5
2022-03-29	CVE-2022-28158	Missing Authorization vulnerability in Jenkins Pipeline: Phoenix Autotest A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. network low complexity jenkins CWE-862	6.5

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins