Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2022-02-15 CVE-2022-25197 Unspecified vulnerability in Jenkins Hashicorp Vault
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
network
low complexity
jenkins
6.5
6.5
2022-02-15 CVE-2022-25198 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SCP Publisher 1.8
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25199 Missing Authorization vulnerability in Jenkins SCP Publisher 1.8
A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
network
low complexity
jenkins CWE-862
8.8
8.8
2022-02-15 CVE-2022-25200 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Checkmarx
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25201 Missing Authorization vulnerability in Jenkins Checkmarx
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
6.5
2022-02-15 CVE-2022-25202 Cross-site Scripting vulnerability in Jenkins Promoted Builds (Simple) 1.7/1.8/1.9
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
network
low complexity
jenkins CWE-79
4.8
4.8
2022-02-15 CVE-2022-25203 Cross-site Scripting vulnerability in Jenkins Team Views 0.9.0
Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-02-15 CVE-2022-25204 Unspecified vulnerability in Jenkins Doktor
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.
network
low complexity
jenkins
5.4
5.4
2022-02-15 CVE-2022-25205 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Dbcharts 0.4/0.5.2
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25206 Missing Authorization vulnerability in Jenkins Dbcharts 0.4/0.5.2
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.
network
low complexity
jenkins CWE-862
8.8
8.8