Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2022-02-15 CVE-2022-25193 Missing Authorization vulnerability in Jenkins Snow Commander
Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
6.5
2022-02-15 CVE-2022-25194 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Autonomiq
A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25195 Missing Authorization vulnerability in Jenkins Autonomiq
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-02-15 CVE-2022-25196 Open Redirect vulnerability in Jenkins Gitlab Authentication
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.
network
low complexity
jenkins CWE-601
5.4
5.4
2022-02-15 CVE-2022-25197 Unspecified vulnerability in Jenkins Hashicorp Vault
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
network
low complexity
jenkins
6.5
6.5
2022-02-15 CVE-2022-25198 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SCP Publisher 1.8
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25199 Missing Authorization vulnerability in Jenkins SCP Publisher 1.8
A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
network
low complexity
jenkins CWE-862
8.8
8.8
2022-02-15 CVE-2022-25200 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Checkmarx
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25201 Missing Authorization vulnerability in Jenkins Checkmarx
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
6.5
2022-02-15 CVE-2022-25202 Cross-site Scripting vulnerability in Jenkins Promoted Builds (Simple) 1.7/1.8/1.9
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
network
low complexity
jenkins CWE-79
4.8
4.8